From bc61d82487bff4719ce63a940b366c4589abb3ca Mon Sep 17 00:00:00 2001 
From: Kat Inskip Date: Wed, 15 Nov 2023 11:10:44 -0800 Subject: [PATCH] Refactors, konawall-py for darwin, sumireko update to Sonoma --- common/home.nix | 3 +- darwin/distributed.nix | 20 +-- darwin/orbstack.nix | 71 +++++++++ home/environments/darwin/konawall.nix | 93 +++++++++++ {kat => home/environments}/gnome/dconf.nix | 0 .../environments}/gnome/extensions.nix | 0 {kat => home/environments}/gnome/gtk.nix | 0 {kat => home/environments}/gnome/ssh.nix | 0 {kat => home/environments}/kde/gtk.nix | 0 {kat => home/environments}/kde/kde.nix | 0 {kat => home/environments}/kde/konawall.nix | 0 {kat => home/environments}/kde/qt.nix | 0 {kat => home/environments}/sway/barrier.nix | 0 {kat => home/environments}/sway/gtk.nix | 0 {kat => home/environments}/sway/layout.xkb | 0 {kat => home/environments}/sway/mako.nix | 0 {kat => home/environments}/sway/sway.nix | 0 {kat => home/environments}/sway/waybar.nix | 0 {kat => home/environments}/sway/waybar.sass | 0 {kat => home/environments}/sway/wofi.nix | 0 {kat => home/environments}/sway/wofi.sass | 0 {kat => home/environments}/sway/xdg.nix | 0 {kat => home/environments}/sway/xkb.nix | 0 {kat => home/profiles/common}/base16.nix | 0 {kat => home/profiles}/common/docs.nix | 1 - home/profiles/common/profile-inheritance.nix | 6 + home/profiles/devops/packages.nix | 25 +++ {kat => home/profiles/graphical}/gpg.nix | 0 home/profiles/graphical/packages.nix | 43 +++++ {kat => home/profiles/graphical}/vscode.nix | 0 {kat => home/profiles/graphical}/wezterm.nix | 0 {kat => home/profiles}/neovim/default.nix | 1 - {kat => home/profiles}/neovim/init.lua | 0 {kat => home/profiles}/shell/bitw.nix | 2 +- {kat => home/profiles}/shell/direnv.nix | 0 {kat => home/profiles}/shell/eza.nix | 2 +- {kat => home/profiles}/shell/fzf.nix | 0 {kat => home/profiles}/shell/git.nix | 4 +- {kat => home/profiles}/shell/inputrc.nix | 0 {kat => home/profiles}/shell/lc.nix | 0 {kat => home/profiles}/shell/packages.nix | 0 {kat => home/profiles}/shell/rink.nix | 0 
{kat => home/profiles}/shell/ssh.nix | 0 {kat => home/profiles}/shell/starship.nix | 0 {kat => home/profiles}/shell/tmux.nix | 0 {kat => home/profiles}/shell/z.nix | 0 {kat => home/profiles}/shell/zsh.nix | 0 {kat => home}/user/common.nix | 2 +- {kat => home}/user/darwin.nix | 0 {kat => home}/user/data.nix | 0 {kat => home}/user/default.nix | 0 {kat => home}/user/nixos.nix | 2 +- kat/default.nix | 42 ----- kat/gui/media.nix | 7 - kat/gui/mpv.nix | 125 --------------- kat/gui/packages.nix | 32 ---- modules/nixos/machine.nix | 15 ++ nixos/common/access.nix | 14 -- nixos/common/autoupgrade.nix | 6 - nixos/common/{getty.nix => console.nix} | 0 .../{docs.nix => disable-documentation.nix} | 0 nixos/common/{users.nix => mutable-users.nix} | 0 nixos/common/{network.nix => nftables.nix} | 1 - nixos/common/nix-deploy-trusted-user.nix | 9 ++ nixos/common/nix.nix | 21 --- nixos/common/ssh.nix | 14 -- nixos/common/sudo-nopasswd.nix | 16 ++ nixos/common/tailscale.nix | 3 + nixos/common/{time.nix => tzupdate.nix} | 0 nixos/common/{shell.nix => zsh.nix} | 0 nixos/environments/gnome/dconf.nix | 3 + .../gnome/packages.nix} | 14 +- .../gnome/profile-inheritance.nix | 9 ++ nixos/environments/gnome/xserver.nix | 7 + nixos/environments/kde/dconf.nix | 3 + .../environments/kde/profile-inheritance.nix | 9 ++ nixos/environments/kde/xserver.nix | 7 + .../environments/sway/profile-inheritance.nix | 9 ++ nixos/{roles => environments}/sway/sway.nix | 0 .../sway/xdg-portals.nix | 0 nixos/hardware/default.nix | 26 --- nixos/hardware/intel.nix | 11 ++ nixos/hardware/laptop.nix | 37 ----- nixos/hardware/lenovo-thinkpad-x260-local.nix | 17 -- nixos/hardware/sound.nix | 45 ------ .../profiles/bootable/loader-config-limit.nix | 8 + nixos/profiles/bootable/sysctl.nix | 15 ++ nixos/profiles/bootable/tmp.nix | 8 + nixos/profiles/bootable/zfs.nix | 14 ++ nixos/{roles => profiles}/gaming/steam.nix | 0 nixos/{roles => profiles}/graphical/dns.nix | 0 nixos/{roles => profiles}/graphical/fonts.nix | 0 
nixos/{roles => profiles}/graphical/gpg.nix | 0 .../graphical/hardware.nix | 0 nixos/{roles => profiles}/graphical/nfs.nix | 0 .../graphical/packages.nix | 0 nixos/{roles => profiles}/graphical/pam.nix | 0 .../graphical/profile-inheritance.nix | 5 + nixos/{roles => profiles}/graphical/qt.nix | 0 nixos/profiles/graphical/sound.nix | 21 +++ .../profiles/laptop/power-profiles-daemon.nix | 3 + nixos/profiles/laptop/powertop.nix | 3 + nixos/profiles/laptop/thermald.nix | 11 ++ nixos/profiles/server/linger.nix | 4 + nixos/profiles/server/mosh.nix | 3 + nixos/profiles/server/profile-inheritance.nix | 5 + nixos/profiles/server/tailscale.nix | 13 ++ .../wireless}/bluetooth.nix | 0 nixos/profiles/wireless/firewall.nix | 11 ++ .../{hardware => profiles/wireless}/wifi.nix | 10 +- nixos/roles/bootable.nix | 35 ----- nixos/roles/graphical/bootable.nix | 5 - nixos/roles/kde/kde.nix | 10 -- nixos/roles/minecraft-server.nix | 48 ------ nixos/roles/server.nix | 26 --- .../matrix-homeserver/nginx.nix | 12 +- .../matrix-homeserver/scalpel.nix | 0 .../matrix-homeserver/secrets.nix | 0 .../matrix-homeserver/secrets.yaml | 0 .../matrix-homeserver/synapse.nix | 0 nixos/{roles => servers}/monica-server.nix | 0 .../monitoring-server/grafana.nix | 6 +- .../monitoring-server/nginx.nix | 0 .../monitoring-server/prometheus.nix | 0 .../monitoring-server/scalpel.nix | 0 .../monitoring-server/secrets.nix | 0 .../monitoring-server/secrets.yaml | 0 .../monitoring-server/synapse-v2.rules | 0 .../monitoring-server/telegraf.nix | 0 nixos/{roles => servers}/postgres-server.nix | 0 nixos/{roles => servers}/public-directory.nix | 2 +- .../vaultwarden-server/nginx.nix | 0 .../vaultwarden-server/postgres.nix | 0 .../vaultwarden-server/scalpel.nix | 0 .../vaultwarden-server/secrets.yaml | 0 .../vaultwarden-server/vaultwarden.nix | 0 .../web-irc-client}/nginx.nix | 0 .../web-irc-client}/thelounge.nix | 0 nixos/{roles => servers}/web-server/acme.nix | 0 .../web-server/firewall.nix | 0 nixos/{roles => 
servers}/web-server/nginx.nix | 0 .../{roles => servers}/web-server/scalpel.nix | 0 .../{roles => servers}/web-server/secrets.nix | 0 .../web-server/secrets.yaml | 0 systems/chen.nix | 97 ++++++------ systems/default.nix | 7 +- systems/goliath.nix | 73 +++++---- systems/koishi.nix | 36 +++-- systems/renko.nix | 41 ++--- systems/sumireko.nix | 148 ++++++------------ tree.nix | 26 +-- 151 files changed, 691 insertions(+), 792 deletions(-) create mode 100644 darwin/orbstack.nix create mode 100644 home/environments/darwin/konawall.nix rename {kat => home/environments}/gnome/dconf.nix (100%) rename {kat => home/environments}/gnome/extensions.nix (100%) rename {kat => home/environments}/gnome/gtk.nix (100%) rename {kat => home/environments}/gnome/ssh.nix (100%) rename {kat => home/environments}/kde/gtk.nix (100%) rename {kat => home/environments}/kde/kde.nix (100%) rename {kat => home/environments}/kde/konawall.nix (100%) rename {kat => home/environments}/kde/qt.nix (100%) rename {kat => home/environments}/sway/barrier.nix (100%) rename {kat => home/environments}/sway/gtk.nix (100%) rename {kat => home/environments}/sway/layout.xkb (100%) rename {kat => home/environments}/sway/mako.nix (100%) rename {kat => home/environments}/sway/sway.nix (100%) rename {kat => home/environments}/sway/waybar.nix (100%) rename {kat => home/environments}/sway/waybar.sass (100%) rename {kat => home/environments}/sway/wofi.nix (100%) rename {kat => home/environments}/sway/wofi.sass (100%) rename {kat => home/environments}/sway/xdg.nix (100%) rename {kat => home/environments}/sway/xkb.nix (100%) rename {kat => home/profiles/common}/base16.nix (100%) rename {kat => home/profiles}/common/docs.nix (74%) create mode 100644 home/profiles/common/profile-inheritance.nix create mode 100644 home/profiles/devops/packages.nix rename {kat => home/profiles/graphical}/gpg.nix (100%) create mode 100644 home/profiles/graphical/packages.nix rename {kat => home/profiles/graphical}/vscode.nix (100%) rename {kat 
=> home/profiles/graphical}/wezterm.nix (100%) rename {kat => home/profiles}/neovim/default.nix (96%) rename {kat => home/profiles}/neovim/init.lua (100%) rename {kat => home/profiles}/shell/bitw.nix (84%) rename {kat => home/profiles}/shell/direnv.nix (100%) rename {kat => home/profiles}/shell/eza.nix (82%) rename {kat => home/profiles}/shell/fzf.nix (100%) rename {kat => home/profiles}/shell/git.nix (84%) rename {kat => home/profiles}/shell/inputrc.nix (100%) rename {kat => home/profiles}/shell/lc.nix (100%) rename {kat => home/profiles}/shell/packages.nix (100%) rename {kat => home/profiles}/shell/rink.nix (100%) rename {kat => home/profiles}/shell/ssh.nix (100%) rename {kat => home/profiles}/shell/starship.nix (100%) rename {kat => home/profiles}/shell/tmux.nix (100%) rename {kat => home/profiles}/shell/z.nix (100%) rename {kat => home/profiles}/shell/zsh.nix (100%) rename {kat => home}/user/common.nix (62%) rename {kat => home}/user/darwin.nix (100%) rename {kat => home}/user/data.nix (100%) rename {kat => home}/user/default.nix (100%) rename {kat => home}/user/nixos.nix (86%) delete mode 100644 kat/default.nix delete mode 100644 kat/gui/media.nix delete mode 100644 kat/gui/mpv.nix delete mode 100644 kat/gui/packages.nix create mode 100644 modules/nixos/machine.nix delete mode 100644 nixos/common/autoupgrade.nix rename nixos/common/{getty.nix => console.nix} (100%) rename nixos/common/{docs.nix => disable-documentation.nix} (100%) rename nixos/common/{users.nix => mutable-users.nix} (100%) rename nixos/common/{network.nix => nftables.nix} (55%) create mode 100644 nixos/common/nix-deploy-trusted-user.nix delete mode 100644 nixos/common/nix.nix create mode 100644 nixos/common/sudo-nopasswd.nix create mode 100644 nixos/common/tailscale.nix rename nixos/common/{time.nix => tzupdate.nix} (100%) rename nixos/common/{shell.nix => zsh.nix} (100%) create mode 100644 nixos/environments/gnome/dconf.nix rename nixos/{roles/gnome/gnome.nix => 
environments/gnome/packages.nix} (68%) create mode 100644 nixos/environments/gnome/profile-inheritance.nix create mode 100644 nixos/environments/gnome/xserver.nix create mode 100644 nixos/environments/kde/dconf.nix create mode 100644 nixos/environments/kde/profile-inheritance.nix create mode 100644 nixos/environments/kde/xserver.nix create mode 100644 nixos/environments/sway/profile-inheritance.nix rename nixos/{roles => environments}/sway/sway.nix (100%) rename nixos/{roles => environments}/sway/xdg-portals.nix (100%) delete mode 100644 nixos/hardware/default.nix create mode 100644 nixos/hardware/intel.nix delete mode 100644 nixos/hardware/laptop.nix delete mode 100644 nixos/hardware/lenovo-thinkpad-x260-local.nix delete mode 100644 nixos/hardware/sound.nix create mode 100644 nixos/profiles/bootable/loader-config-limit.nix create mode 100644 nixos/profiles/bootable/sysctl.nix create mode 100644 nixos/profiles/bootable/tmp.nix create mode 100644 nixos/profiles/bootable/zfs.nix rename nixos/{roles => profiles}/gaming/steam.nix (100%) rename nixos/{roles => profiles}/graphical/dns.nix (100%) rename nixos/{roles => profiles}/graphical/fonts.nix (100%) rename nixos/{roles => profiles}/graphical/gpg.nix (100%) rename nixos/{roles => profiles}/graphical/hardware.nix (100%) rename nixos/{roles => profiles}/graphical/nfs.nix (100%) rename nixos/{roles => profiles}/graphical/packages.nix (100%) rename nixos/{roles => profiles}/graphical/pam.nix (100%) create mode 100644 nixos/profiles/graphical/profile-inheritance.nix rename nixos/{roles => profiles}/graphical/qt.nix (100%) create mode 100644 nixos/profiles/graphical/sound.nix create mode 100644 nixos/profiles/laptop/power-profiles-daemon.nix create mode 100644 nixos/profiles/laptop/powertop.nix create mode 100644 nixos/profiles/laptop/thermald.nix create mode 100644 nixos/profiles/server/linger.nix create mode 100644 nixos/profiles/server/mosh.nix create mode 100644 nixos/profiles/server/profile-inheritance.nix create mode 
100644 nixos/profiles/server/tailscale.nix rename nixos/{hardware => profiles/wireless}/bluetooth.nix (100%) create mode 100644 nixos/profiles/wireless/firewall.nix rename nixos/{hardware => profiles/wireless}/wifi.nix (72%) delete mode 100644 nixos/roles/bootable.nix delete mode 100644 nixos/roles/graphical/bootable.nix delete mode 100644 nixos/roles/kde/kde.nix delete mode 100644 nixos/roles/minecraft-server.nix delete mode 100644 nixos/roles/server.nix rename nixos/{roles => servers}/matrix-homeserver/nginx.nix (61%) rename nixos/{roles => servers}/matrix-homeserver/scalpel.nix (100%) rename nixos/{roles => servers}/matrix-homeserver/secrets.nix (100%) rename nixos/{roles => servers}/matrix-homeserver/secrets.yaml (100%) rename nixos/{roles => servers}/matrix-homeserver/synapse.nix (100%) rename nixos/{roles => servers}/monica-server.nix (100%) rename nixos/{roles => servers}/monitoring-server/grafana.nix (87%) rename nixos/{roles => servers}/monitoring-server/nginx.nix (100%) rename nixos/{roles => servers}/monitoring-server/prometheus.nix (100%) rename nixos/{roles => servers}/monitoring-server/scalpel.nix (100%) rename nixos/{roles => servers}/monitoring-server/secrets.nix (100%) rename nixos/{roles => servers}/monitoring-server/secrets.yaml (100%) rename nixos/{roles => servers}/monitoring-server/synapse-v2.rules (100%) rename nixos/{roles => servers}/monitoring-server/telegraf.nix (100%) rename nixos/{roles => servers}/postgres-server.nix (100%) rename nixos/{roles => servers}/public-directory.nix (98%) rename nixos/{roles => servers}/vaultwarden-server/nginx.nix (100%) rename nixos/{roles => servers}/vaultwarden-server/postgres.nix (100%) rename nixos/{roles => servers}/vaultwarden-server/scalpel.nix (100%) rename nixos/{roles => servers}/vaultwarden-server/secrets.yaml (100%) rename nixos/{roles => servers}/vaultwarden-server/vaultwarden.nix (100%) rename nixos/{roles/irc-client => servers/web-irc-client}/nginx.nix (100%) rename nixos/{roles/irc-client => 
servers/web-irc-client}/thelounge.nix (100%) rename nixos/{roles => servers}/web-server/acme.nix (100%) rename nixos/{roles => servers}/web-server/firewall.nix (100%) rename nixos/{roles => servers}/web-server/nginx.nix (100%) rename nixos/{roles => servers}/web-server/scalpel.nix (100%) rename nixos/{roles => servers}/web-server/secrets.nix (100%) rename nixos/{roles => servers}/web-server/secrets.yaml (100%) diff --git a/common/home.nix b/common/home.nix index c1d40955..fab405e9 100644 --- a/common/home.nix +++ b/common/home.nix @@ -18,9 +18,10 @@ in { ] ++ list.optional (tree.${systemType} ? home) tree.${systemType}.home; - users.kat.imports = with tree.kat; [ + users.kat.imports = with tree.home.profiles; [ common ]; + extraSpecialArgs = { inherit tree machine std inputs; parent = config; diff --git a/darwin/distributed.nix b/darwin/distributed.nix index 9ee7caee..b97598c4 100644 --- a/darwin/distributed.nix +++ b/darwin/distributed.nix @@ -4,14 +4,16 @@ }; launchd.daemons.start_nixos_native = { - serviceConfig.ProgramArguments = [ - "/bin/sh" - "-c" - "/bin/wait4path /nix/store && ${pkgs.writeScript "start_nixos_native" '' - /usr/bin/open "utm://start?name=NixOS Native" - ''}" - ]; - serviceConfig.Label = "org.kittywitch.start_nixos_native"; - serviceConfig.RunAtLoad = true; + serviceConfig = { + ProgramArguments = [ + "/bin/sh" + "-c" + "/bin/wait4path /nix/store && ${pkgs.writeScript "start_nixos_native" '' + /usr/bin/open "utm://start?name=NixOS Native" + ''}" + ]; + Label = "org.kittywitch.start_nixos_native"; + RunAtLoad = true; + }; }; } diff --git a/darwin/orbstack.nix b/darwin/orbstack.nix new file mode 100644 index 00000000..a30f1c2b --- /dev/null +++ b/darwin/orbstack.nix 
@@ -0,0 +1,71 @@ +{ + tree, + std, + ... +}: let + inherit (std) string; +in { + home-manager.users.root.programs.ssh = { + enable = true; + extraConfig = '' + Host orb + HostName 127.0.0.1 + Port 32222 + User default + IdentityFile /Users/kat/.orbstack/ssh/id_ed25519 + ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass + ProxyUseFdpass yes + ''; + }; + + home-manager.users.kat = { + home.file = { + ".orbstack/ssh/authorized_keys".text = + (string.concatSep "\n" tree.home.user.data.keys) + + '' + + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILW2V8yL2vC/KDmIQdxhEeevKo1vGG18bvMNj9mLL/On + ''; + ".ssh/authorized_keys".text = '' + ${string.concatSep "\n" tree.home.user.data.keys} + ''; + }; + programs.ssh = { + enable = true; + extraConfig = '' + Host orb + HostName 127.0.0.1 + Port 32222 + User default + IdentityFile /Users/kat/.orbstack/ssh/id_ed25519 + ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass + ProxyUseFdpass yes + ''; + }; + }; + + nix = { + buildMachines = [ + { + hostName = "nixos@orb"; + system = "aarch64-linux"; + supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; + } + { + hostName = "nixos@orb"; + system = "x86_64-linux"; + supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; + } + ]; + distributedBuilds = true; + extraOptions = '' + builders-use-substitutes = true + ''; + }; + + homebrew = { + casks = [ + "orbstack" + ]; + }; +} diff --git a/home/environments/darwin/konawall.nix b/home/environments/darwin/konawall.nix new file mode 100644 index 00000000..180ac0b7 --- /dev/null +++ b/home/environments/darwin/konawall.nix 
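Review bot: In `home-manager.users.root.programs.ssh`, root's `Host orb` entry takes its `IdentityFile` (`/Users/kat/.orbstack/ssh/id_ed25519`) and its `ProxyCommand` binary (under `/Applications/OrbStack.app`, run with `HOME=/Users/kat`) from paths that are presumably writable by the `kat` account. Anything that can write there therefore influences what root's ssh executes, presumably whenever the Nix daemon contacts the `nixos@orb` builders. If that trust is intended, record it in a comment above the block, for example `# root reuses kat's OrbStack key and helper; keep both paths writable only by kat/admin`. Further down, the literal `ssh-ed25519 AAAAC3…` line appended to `.orbstack/ssh/authorized_keys` has no comment naming the key pair it belongs to, which makes later rotation or removal guesswork; a `# <owner/purpose of this key>` line next to it would fix that. The two `extraConfig` strings are identical and could come from one `let` binding so they cannot drift apart.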
@@ -0,0 +1,93 @@ +{ + config, + inputs, + pkgs, + ... +}: let + konawallConfig = { + interval = 300; + rotate = true; + source = "konachan"; + tags = [ + "rating:s" + "score:>=50" + "width:>=1500" + ]; + logging = { + file = "INFO"; + console = "DEBUG"; + }; + }; +in { + home.file."Library/Application Support/konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig; + + launchd.agents.konawall = { + enable = true; + config = let + replacementPyProject = '' + [tool.poetry] + name = "konawall" + version = "0.1.0" + license = "MIT" + description = "A hopefully cross-platform service for fetching wallpapers and setting them" + authors = [ + "Kat Inskip " + ] + readme = "README.MD" + packages = [ + {include = "konawall"} + ] + + [tool.poetry.scripts] + gui = "konawall.gui:main" + + [tool.poetry.dependencies] + python = "^3.11" + pillow = "^10.0.1" + screeninfo = "^0.8.1" + requests = "^2.31.0" + termcolor = "^2.3.0" + wxpython = "^4.2.1" + humanfriendly = "^10.0" + xdg-base-dirs = "^6.0.1" + + [build-system] + requires = [ "poetry-core" ] + build-backend = "poetry.core.masonry.api" + ''; + konawallInitialize = pkgs.writeScriptBin "konawall-initialize" '' + #!/usr/bin/env bash + set -xeuo pipefail + # get a temporary directory + tmpDir=$(mktemp -d) + # copy the repository to the temporary directory recursively without keeping the permissions from the nix store + ${pkgs.coreutils}/bin/cp -r --no-preserve=mode,ownership "${inputs.konawall-py.outPath}" "$tmpDir/konawall" + # change directory to the copy + cd $tmpDir/konawall + # overwrite the pyproject.toml with the one that we want + # use a EOF heredoc to avoid escaping the quotes + cat < pyproject.toml + ${replacementPyProject} + EOF + # install the dependencies + ${pkgs.poetry}/bin/poetry lock --no-update + ${pkgs.poetry}/bin/poetry install + # run the package + ${pkgs.poetry}/bin/poetry run gui + ''; + in { + # yeah if https://github.com/NixOS/nixpkgs/issues/233265 and 
https://github.com/NixOS/nixpkgs/issues/101360 + # and https://github.com/NixOS/nixpkgs/issues/105156 were ok we might be able to do this + #Program = "${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall"; + #ProgramArguments = ["${inputs.konawall-py.packages.${pkgs.system}.konawall-py}/bin/konawall"]; + # it's unfortunate that this has to be done this way, for the most part. + ProgramArguments = [ + "/usr/bin/env" + "bash" + "${konawallInitialize}/bin/konawall-initialize" + ]; + RunAtLoad = true; + KeepAlive = true; + }; + }; +} diff --git a/kat/gnome/dconf.nix b/home/environments/gnome/dconf.nix similarity index 100% rename from kat/gnome/dconf.nix rename to home/environments/gnome/dconf.nix diff --git a/kat/gnome/extensions.nix b/home/environments/gnome/extensions.nix similarity index 100% rename from kat/gnome/extensions.nix rename to home/environments/gnome/extensions.nix diff --git a/kat/gnome/gtk.nix b/home/environments/gnome/gtk.nix similarity index 100% rename from kat/gnome/gtk.nix rename to home/environments/gnome/gtk.nix diff --git a/kat/gnome/ssh.nix b/home/environments/gnome/ssh.nix similarity index 100% rename from kat/gnome/ssh.nix rename to home/environments/gnome/ssh.nix diff --git a/kat/kde/gtk.nix b/home/environments/kde/gtk.nix similarity index 100% rename from kat/kde/gtk.nix rename to home/environments/kde/gtk.nix diff --git a/kat/kde/kde.nix b/home/environments/kde/kde.nix similarity index 100% rename from kat/kde/kde.nix rename to home/environments/kde/kde.nix diff --git a/kat/kde/konawall.nix b/home/environments/kde/konawall.nix similarity index 100% rename from kat/kde/konawall.nix rename to home/environments/kde/konawall.nix diff --git a/kat/kde/qt.nix b/home/environments/kde/qt.nix similarity index 100% rename from kat/kde/qt.nix rename to home/environments/kde/qt.nix 
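Review bot: `konawall-initialize` resolves and installs its Python dependencies from the network every time the launchd agent starts. It runs `poetry lock --no-update` and then `poetry install` against the caret ranges in `replacementPyProject`, and as far as this hunk shows no lock file is carried along, so the code that ends up running in the user session is not pinned by the flake input. With `KeepAlive = true` a crashing GUI repeats that install, and each run leaves another `mktemp -d` copy behind because nothing removes `$tmpDir`. Consider keeping a `poetry.lock` next to the replacement pyproject and installing from it instead of re-locking, adding `trap 'rm -rf "$tmpDir"' EXIT` right after the `mktemp`, and quoting the path as `cd "$tmpDir/konawall"`.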
diff --git a/kat/sway/barrier.nix b/home/environments/sway/barrier.nix similarity index 100% rename from kat/sway/barrier.nix rename to home/environments/sway/barrier.nix diff --git a/kat/sway/gtk.nix b/home/environments/sway/gtk.nix similarity index 100% rename from kat/sway/gtk.nix rename to home/environments/sway/gtk.nix diff --git a/kat/sway/layout.xkb b/home/environments/sway/layout.xkb similarity index 100% rename from kat/sway/layout.xkb rename to home/environments/sway/layout.xkb diff --git a/kat/sway/mako.nix b/home/environments/sway/mako.nix similarity index 100% rename from kat/sway/mako.nix rename to home/environments/sway/mako.nix diff --git a/kat/sway/sway.nix b/home/environments/sway/sway.nix similarity index 100% rename from kat/sway/sway.nix rename to home/environments/sway/sway.nix diff --git a/kat/sway/waybar.nix b/home/environments/sway/waybar.nix similarity index 100% rename from kat/sway/waybar.nix rename to home/environments/sway/waybar.nix diff --git a/kat/sway/waybar.sass b/home/environments/sway/waybar.sass similarity index 100% rename from kat/sway/waybar.sass rename to home/environments/sway/waybar.sass diff --git a/kat/sway/wofi.nix b/home/environments/sway/wofi.nix similarity index 100% rename from kat/sway/wofi.nix rename to home/environments/sway/wofi.nix diff --git a/kat/sway/wofi.sass b/home/environments/sway/wofi.sass similarity index 100% rename from kat/sway/wofi.sass rename to home/environments/sway/wofi.sass diff --git a/kat/sway/xdg.nix b/home/environments/sway/xdg.nix similarity index 100% rename from kat/sway/xdg.nix rename to home/environments/sway/xdg.nix diff --git a/kat/sway/xkb.nix b/home/environments/sway/xkb.nix similarity index 100% rename from kat/sway/xkb.nix rename to home/environments/sway/xkb.nix diff --git a/kat/base16.nix b/home/profiles/common/base16.nix similarity index 100% rename from kat/base16.nix rename to home/profiles/common/base16.nix 
diff --git a/kat/common/docs.nix b/home/profiles/common/docs.nix similarity index 74% rename from kat/common/docs.nix rename to home/profiles/common/docs.nix index a5be1a52..717fe94e 100644 --- a/kat/common/docs.nix +++ b/home/profiles/common/docs.nix @@ -3,6 +3,5 @@ _: { html.enable = false; json.enable = false; manpages.enable = false; - manual.manpages.enable = false; }; } diff --git a/home/profiles/common/profile-inheritance.nix b/home/profiles/common/profile-inheritance.nix new file mode 100644 index 00000000..30973a00 --- /dev/null +++ b/home/profiles/common/profile-inheritance.nix @@ -0,0 +1,6 @@ +{tree, ...}: { + imports = with tree.home.profiles; [ + shell + neovim + ]; +} diff --git a/home/profiles/devops/packages.nix b/home/profiles/devops/packages.nix new file mode 100644 index 00000000..aa2b661d --- /dev/null +++ b/home/profiles/devops/packages.nix @@ -0,0 +1,25 @@ +{pkgs, ...}: { + home.packages = with pkgs; [ + # IAC + + terraform # iac tool + + # Kubernetes + + kubectl # kubectl + k9s # cute k8s client, canines~ + kubernetes-helm # k8s package manager + + # AWS + + awscli2 # awscli v2 + + # Nix + + deadnix # nix dead-code scanner + alejandra # nix code formatter + statix # nix anti-pattern finder + rnix-lsp # vscode nix extensions + deploy-rs.deploy-rs # deployment system + ]; +} diff --git a/kat/gpg.nix b/home/profiles/graphical/gpg.nix similarity index 100% rename from kat/gpg.nix rename to home/profiles/graphical/gpg.nix diff --git a/home/profiles/graphical/packages.nix b/home/profiles/graphical/packages.nix new file mode 100644 index 00000000..755b1bca --- /dev/null +++ b/home/profiles/graphical/packages.nix 
@@ -0,0 +1,43 @@ +{pkgs, ...}: { + config = { + home.packages = with pkgs; [ + # Password manager + bitwarden + + # Task managers + btop + htop + + # Mail + thunderbird + + # Music + spotify + + # Chat + discord + nheko # Matrix + tdesktop # Telegram + dino # XMPP + signal-desktop + + # Exocortex + obsidian + + # Archivery + unzip + zip + p7zip + + # Misc + gimp-with-plugins # GIMP + exiftool # EXIF Stripping + lm_sensors # Sensor Data + cryptsetup # Encrypted block devices + yubikey-manager # Yubikey + imv # Image viewer + yt-dlp # Downloading media + v4l-utils # Webcam + ]; + }; +} diff --git a/kat/vscode.nix b/home/profiles/graphical/vscode.nix similarity index 100% rename from kat/vscode.nix rename to home/profiles/graphical/vscode.nix diff --git a/kat/wezterm.nix b/home/profiles/graphical/wezterm.nix similarity index 100% rename from kat/wezterm.nix rename to home/profiles/graphical/wezterm.nix diff --git a/kat/neovim/default.nix b/home/profiles/neovim/default.nix similarity index 96% rename from kat/neovim/default.nix rename to home/profiles/neovim/default.nix index 01a37958..64d25696 100644 --- a/kat/neovim/default.nix +++ b/home/profiles/neovim/default.nix @@ -7,7 +7,6 @@ }: let inherit (lib.modules) mkIf; inherit (std) string set; - packDir = builtins.toString (pkgs.vimUtils.packDir config.programs.neovim.plugins); initLua = pkgs.substituteAll ({ name = "init.lua"; src = ./init.lua; diff --git a/kat/neovim/init.lua b/home/profiles/neovim/init.lua similarity index 100% rename from kat/neovim/init.lua rename to home/profiles/neovim/init.lua diff --git a/kat/shell/bitw.nix b/home/profiles/shell/bitw.nix similarity index 84% rename from kat/shell/bitw.nix rename to home/profiles/shell/bitw.nix index 7c6e0887..703e3e2a 100644 --- a/kat/shell/bitw.nix +++ b/home/profiles/shell/bitw.nix 
@@ -7,7 +7,7 @@ enable = false; package = pkgs.rbw-bitw; settings = { - inherit (tree.kat.user.data) email; + inherit (tree.home.user.data) email; base_url = "https://vault.kittywit.ch"; identity_url = null; lock_timeout = 3600; diff --git a/kat/shell/direnv.nix b/home/profiles/shell/direnv.nix similarity index 100% rename from kat/shell/direnv.nix rename to home/profiles/shell/direnv.nix diff --git a/kat/shell/eza.nix b/home/profiles/shell/eza.nix similarity index 82% rename from kat/shell/eza.nix rename to home/profiles/shell/eza.nix index 5105cee2..8eb798eb 100644 --- a/kat/shell/eza.nix +++ b/home/profiles/shell/eza.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +_: { programs.eza = { enable = true; enableAliases = true; diff --git a/kat/shell/fzf.nix b/home/profiles/shell/fzf.nix similarity index 100% rename from kat/shell/fzf.nix rename to home/profiles/shell/fzf.nix diff --git a/kat/shell/git.nix b/home/profiles/shell/git.nix similarity index 84% rename from kat/shell/git.nix rename to home/profiles/shell/git.nix index ee097f0d..1104bcec 100644 --- a/kat/shell/git.nix +++ b/home/profiles/shell/git.nix @@ -10,7 +10,7 @@ ]; programs.git = { - inherit (tree.kat.user.data) userName userEmail; + inherit (tree.home.user.data) userName userEmail; package = pkgs.gitAndTools.gitFull; enable = true; extraConfig = { @@ -24,7 +24,7 @@ }; }; signing = { - inherit (tree.kat.user.data) key; + inherit (tree.home.user.data) key; signByDefault = true; }; }; diff --git a/kat/shell/inputrc.nix b/home/profiles/shell/inputrc.nix similarity index 100% rename from kat/shell/inputrc.nix rename to home/profiles/shell/inputrc.nix diff --git a/kat/shell/lc.nix b/home/profiles/shell/lc.nix similarity index 100% rename from kat/shell/lc.nix rename to home/profiles/shell/lc.nix diff --git a/kat/shell/packages.nix b/home/profiles/shell/packages.nix similarity index 100% rename from kat/shell/packages.nix rename to home/profiles/shell/packages.nix 
diff --git a/kat/shell/rink.nix b/home/profiles/shell/rink.nix similarity index 100% rename from kat/shell/rink.nix rename to home/profiles/shell/rink.nix diff --git a/kat/shell/ssh.nix b/home/profiles/shell/ssh.nix similarity index 100% rename from kat/shell/ssh.nix rename to home/profiles/shell/ssh.nix diff --git a/kat/shell/starship.nix b/home/profiles/shell/starship.nix similarity index 100% rename from kat/shell/starship.nix rename to home/profiles/shell/starship.nix diff --git a/kat/shell/tmux.nix b/home/profiles/shell/tmux.nix similarity index 100% rename from kat/shell/tmux.nix rename to home/profiles/shell/tmux.nix diff --git a/kat/shell/z.nix b/home/profiles/shell/z.nix similarity index 100% rename from kat/shell/z.nix rename to home/profiles/shell/z.nix diff --git a/kat/shell/zsh.nix b/home/profiles/shell/zsh.nix similarity index 100% rename from kat/shell/zsh.nix rename to home/profiles/shell/zsh.nix diff --git a/kat/user/common.nix b/home/user/common.nix similarity index 62% rename from kat/user/common.nix rename to home/user/common.nix index 7ba9dbc0..c5a4cef4 100644 --- a/kat/user/common.nix +++ b/home/user/common.nix @@ -4,7 +4,7 @@ ... }: { users.users.kat = { - inherit (tree.kat.user.data) description; + inherit (tree.home.user.data) description; shell = pkgs.zsh; }; } diff --git a/kat/user/darwin.nix b/home/user/darwin.nix similarity index 100% rename from kat/user/darwin.nix rename to home/user/darwin.nix diff --git a/kat/user/data.nix b/home/user/data.nix similarity index 100% rename from kat/user/data.nix rename to home/user/data.nix diff --git a/kat/user/default.nix b/home/user/default.nix similarity index 100% rename from kat/user/default.nix rename to home/user/default.nix diff --git a/kat/user/nixos.nix b/home/user/nixos.nix similarity index 86% rename from kat/user/nixos.nix rename to home/user/nixos.nix index 88327ae8..7369fc7c 100644 --- a/kat/user/nixos.nix +++ b/home/user/nixos.nix 
@@ -3,7 +3,7 @@ uid = 1000; isNormalUser = true; openssh.authorizedKeys = { - inherit (tree.kat.user.data) keys; + inherit (tree.home.user.data) keys; }; extraGroups = [ "wheel" diff --git a/kat/default.nix b/kat/default.nix deleted file mode 100644 index f4f4cb1b..00000000 --- a/kat/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ - tree, - std, - ... -}: let - inherit (std) set list; - wrapImports = imports: - set.map - (_: paths: {config, ...}: { - config.home-manager.users.kat = { - imports = list.singleton paths; - }; - }) - imports; - dirImports = wrapImports tree.prev; -in - dirImports - // { - inherit (tree.prev) user; - common = { - imports = with tree.prev; [ - base16 - shell - neovim - ]; - }; - gui = { - imports = with dirImports; [ - gui - wezterm - vscode - gpg - ]; - }; - work = { - imports = with dirImports; [ - wezterm - vscode - gpg - ]; - }; - } diff --git a/kat/gui/media.nix b/kat/gui/media.nix deleted file mode 100644 index da421ebc..00000000 --- a/kat/gui/media.nix +++ /dev/null @@ -1,7 +0,0 @@ -{pkgs, ...}: { - home.packages = with pkgs; [ - imv # Image viewer - yt-dlp # Downloading media - v4l-utils # Webcam - ]; -} diff --git a/kat/gui/mpv.nix b/kat/gui/mpv.nix deleted file mode 100644 index f4b66510..00000000 --- a/kat/gui/mpv.nix +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - config, - lib, - std, - pkgs, - ... -}: let - inherit (std) string set; - inherit (lib.modules) mkMerge mkIf; -in { - programs.mpv = { - enable = true; - scripts = with pkgs.mpvScripts; [sponsorblock paused]; - bindings = let - vim = { - "l" = "seek 5"; - "h" = "seek -5"; - "k" = "seek 60"; - "j" = "seek -60"; - "Ctrl+l" = "seek 1 exact"; - "Ctrl+h" = "seek -1 exact"; - "Ctrl+L" = "sub-seek 1"; - "Ctrl+H" = "sub-seek -1"; - "Ctrl+k" = "add chapter 1"; - "Ctrl+j" = "add chapter -1"; - "Ctrl+K" = "playlist-next"; - "Ctrl+J" = "playlist-prev"; - "Alt+h" = "frame-back-step"; - "Alt+l" = "frame-step"; - "`" = "cycle mute"; - "MBTN_RIGHT" = "cycle pause"; - "w" = "screenshot"; - "W" = "screenshot video"; - "Ctrl+w" = "screenshot window"; - "Ctrl+W" = "screenshot each-frame"; - "o" = "show-progress"; - "O" = "script-message show_osc_dur 5"; - "F1" = "cycle sub"; - "F2" = "cycle audio"; - "Ctrl+p" = "cycle video"; - "L" = "add volume 2"; - "H" = "add volume -2"; - "Alt+H" = "add audio-delay -0.100"; - "Alt+L" = "add audio-delay 0.100"; - "1" = "set volume 10"; - "2" = "set volume 20"; - "3" = "set volume 30"; - "4" = "set volume 40"; - "5" = "set volume 50"; - "6" = "set volume 60"; - "7" = "set volume 70"; - "8" = "set volume 80"; - "9" = "set volume 90"; - ")" = "set volume 150"; - "0" = "set volume 100"; - "m" = "cycle mute"; - "Ctrl+r" = "loadfile \${path}"; - "Ctrl+R" = "video-reload"; - "d" = "drop-buffers"; - "Ctrl+d" = "quit"; - }; - other = { - "RIGHT" = vim."l"; - "LEFT" = vim."h"; - "UP" = vim."k"; - "DOWN" = vim."j"; - "Ctrl+0" = "set speed 1.0"; - "Ctrl+=" = "multiply speed 1.1"; - "Ctrl+-" = "multiply speed 1/1.1"; - "Shift+LEFT" = vim."H"; - "Shift+RIGHT" = vim."L"; - "Ctrl+RIGHT" = vim."Ctrl+l"; - "Ctrl+LEFT" = vim."Ctrl+h"; - "Ctrl+Shift+LEFT" = vim."Ctrl+H"; - "Ctrl+Shift+RIGHT" = vim."Ctrl+L"; - "Ctrl+UP" = vim."Ctrl+k"; - "Ctrl+DOWN" = vim."Ctrl+j"; - "Ctrl+Shift+UP" = vim."Ctrl+K"; - "Ctrl+Shift+DOWN" = vim."Ctrl+J"; - "Alt+LEFT" 
= vim."Alt+h"; - "Alt+RIGHT" = vim."Alt+l"; - "SPACE" = vim."MBTN_RIGHT"; - "m" = vim."`"; - "WHEEL_UP" = vim."L"; - "WHEEL_DOWN" = vim."H"; - }; - in - vim // other; - config = mkMerge [ - (mkIf config.wayland.windowManager.sway.enable { - gpu-context = "wayland"; - }) - { - no-input-default-bindings = ""; - profile = "gpu-hq"; - hwdec = "auto"; - vo = "gpu"; - volume-max = 200; - keep-open = true; - opengl-waitvsync = true; - demuxer-max-bytes = "2000MiB"; - demuxer-max-back-bytes = "250MiB"; - osd-scale-by-window = false; - osd-bar-h = 2.5; # 3.125 default - osd-border-size = 2; # font border pixels, default 3 - term-osd-bar = true; - script-opts = - string.concatSep "," - (set.mapToValues (k: v: "${k}=${toString v}") { - ytdl_hook-ytdl_path = "${pkgs.yt-dlp}/bin/yt-dlp"; - osc-layout = "slimbox"; - osc-vidscale = "no"; - osc-deadzonesize = 0.75; - osc-minmousemove = 4; - osc-hidetimeout = 2000; - osc-valign = 0.9; - osc-timems = "yes"; - osc-seekbarstyle = "knob"; - osc-seekbarkeyframes = "no"; - osc-seekrangestyle = "slider"; - }); - } - ]; - }; -} diff --git a/kat/gui/packages.nix b/kat/gui/packages.nix deleted file mode 100644 index c69d8c78..00000000 --- a/kat/gui/packages.nix +++ /dev/null @@ -1,32 +0,0 @@ -{pkgs, ...}: { - home.packages = with pkgs; [ - # Password manager - bitwarden - # Task managers - btop - htop - # Mail - thunderbird - # Music - spotify - playerctl - # Chat - discord - nheko # Matrix - tdesktop # Telegram - dino # XMPP - signal-desktop - # Exocortex - obsidian - # Archivery - unzip - zip - p7zip - # Misc - gimp-with-plugins # GIMP - exiftool # EXIF Stripping - lm_sensors # Sensor Data - cryptsetup # Encrypted block devices - yubikey-manager # Yubikey - ]; -} diff --git a/modules/nixos/machine.nix b/modules/nixos/machine.nix new file mode 100644 index 00000000..a26f1430 --- /dev/null +++ b/modules/nixos/machine.nix 
@@ -0,0 +1,15 @@
+{lib, ...}: let
+ inherit (lib.modules) mkOption;
+ inherit (lib.types) enum;
+in {
+ options.machine = {
+ cpuVendor = mkOption {
+ type = enum [
+ "intel"
+ "amd"
+ "apple"
+ ];
+ description = "CPU vendor";
+ };
+ };
+}
diff --git a/nixos/common/access.nix b/nixos/common/access.nix
index 0352e7b3..86a8e7fb 100644
--- a/nixos/common/access.nix
+++ b/nixos/common/access.nix
@@ -13,20 +13,6 @@
 config.users.users);
 };
 in {
- security.sudo.extraRules = [
- {
- users = ["deploy"];
- commands = [
- {
- command = "ALL";
- options = [
- "NOPASSWD"
- "SETENV"
- ];
- }
- ];
- }
- ];
 users.users = {
 root = commonUser;
 deploy =
diff --git a/nixos/common/autoupgrade.nix b/nixos/common/autoupgrade.nix
deleted file mode 100644
index 14c363fe..00000000
--- a/nixos/common/autoupgrade.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{config, ...}: {
- system.autoUpgrade = {
- enable = false;
- flake = "github:kittywitch/infrastructure#${config.networking.hostName}";
- };
-}
diff --git a/nixos/common/getty.nix b/nixos/common/console.nix
similarity index 100%
rename from nixos/common/getty.nix
rename to nixos/common/console.nix
diff --git a/nixos/common/docs.nix b/nixos/common/disable-documentation.nix
similarity index 100%
rename from nixos/common/docs.nix
rename to nixos/common/disable-documentation.nix
diff --git a/nixos/common/users.nix b/nixos/common/mutable-users.nix
similarity index 100%
rename from nixos/common/users.nix
rename to nixos/common/mutable-users.nix
diff --git a/nixos/common/network.nix b/nixos/common/nftables.nix
similarity index 55%
rename from nixos/common/network.nix
rename to nixos/common/nftables.nix
index 1a96efd4..94d3b25a 100644
--- a/nixos/common/network.nix
+++ b/nixos/common/nftables.nix
@@ -1,4 +1,3 @@
 _: {
 networking.nftables.enable = true;
- services.tailscale.enable = true;
 }
diff --git a/nixos/common/nix-deploy-trusted-user.nix b/nixos/common/nix-deploy-trusted-user.nix
new file mode 100644
index 00000000..6539c263
--- /dev/null
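Review bot: `mkOption` is inherited from `lib.modules` on the second line of the new modules/nixos/machine.nix, but nixpkgs defines it in `lib.options`, so as far as I can tell the module fails to evaluate with a missing-attribute error; the line should read `inherit (lib.options) mkOption;`. The option also has no `default`, and nixos/hardware/intel.nix and nixos/profiles/laptop/thermald.nix in this patch both read `config.machine.cpuVendor`, so a host that imports either without setting the option stops at evaluation. If that is intended, the description should say so, e.g. `description = "CPU vendor; must be set per host, there is no default";`.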
+++ b/nixos/common/nix-deploy-trusted-user.nix @@ -0,0 +1,9 @@ +_: { + nix = { + settings = { + trusted-users = [ + "deploy" + ]; + }; + }; +} diff --git a/nixos/common/nix.nix b/nixos/common/nix.nix deleted file mode 100644 index 90b7a6fc..00000000 --- a/nixos/common/nix.nix +++ /dev/null @@ -1,21 +0,0 @@ -{lib, ...}: let - inherit (lib.modules) mkDefault; -in { - boot.loader = { - grub.configurationLimit = 8; - systemd-boot.configurationLimit = 8; - }; - - nix = { - settings = { - trusted-users = [ - "deploy" - ]; - }; - gc = { - automatic = mkDefault false; - dates = mkDefault "weekly"; - options = mkDefault "--delete-older-than 7d"; - }; - }; -} diff --git a/nixos/common/ssh.nix b/nixos/common/ssh.nix index 44bd170d..01d7ed37 100644 --- a/nixos/common/ssh.nix +++ b/nixos/common/ssh.nix @@ -9,22 +9,10 @@ in { networking.firewall = { allowedTCPPorts = [(list.unsafeHead config.services.openssh.ports)]; - allowedUDPPortRanges = [ - { - from = 60000; - to = 61000; - } - ]; }; services.openssh = { enable = true; - /* - knownHosts.katca = { - certAuthority = true; - publicKey = builtins.readFile ./ca-pubkey.pem; - }; - */ settings = { KexAlgorithms = ["curve25519-sha256@libssh.org"]; PasswordAuthentication = false; @@ -37,6 +25,4 @@ in { LogLevel VERBOSE ''; }; - - programs.mosh.enable = true; } diff --git a/nixos/common/sudo-nopasswd.nix b/nixos/common/sudo-nopasswd.nix new file mode 100644 index 00000000..ed380145 --- /dev/null +++ b/nixos/common/sudo-nopasswd.nix @@ -0,0 +1,16 @@ +_: { + security.sudo.extraRules = [ + { + users = ["deploy"]; + commands = [ + { + command = "ALL"; + options = [ + "NOPASSWD" + "SETENV" + ]; + } + ]; + } + ]; +} diff --git a/nixos/common/tailscale.nix b/nixos/common/tailscale.nix new file mode 100644 index 00000000..0f0f4766 --- /dev/null +++ b/nixos/common/tailscale.nix @@ -0,0 +1,3 @@ +_: { + services.tailscale.enable = true; +} \ No newline at end of file 
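Review bot: Neither nixos/common/nix-deploy-trusted-user.nix nor nixos/common/sudo-nopasswd.nix (further along this line) says what it grants, and each one on its own makes `deploy` root-equivalent: a Nix trusted user is effectively root through the daemon, and the sudo rule is `command = "ALL"` with `NOPASSWD` and `SETENV`. Now that they are separate modules that can be imported independently, I would add a header comment to each, for example `# trusted-users is root-equivalent: deploy can pass arbitrary settings to the Nix daemon` and `# NOPASSWD ALL: whoever can log in as deploy is root on this host`. If the deployment tooling only needs to switch to a new system profile (not visible here), narrowing `command = "ALL"` to that command would be a worthwhile follow-up.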
diff --git a/nixos/common/time.nix b/nixos/common/tzupdate.nix similarity index 100% rename from nixos/common/time.nix rename to nixos/common/tzupdate.nix diff --git a/nixos/common/shell.nix b/nixos/common/zsh.nix similarity index 100% rename from nixos/common/shell.nix rename to nixos/common/zsh.nix diff --git a/nixos/environments/gnome/dconf.nix b/nixos/environments/gnome/dconf.nix new file mode 100644 index 00000000..7b53db51 --- /dev/null +++ b/nixos/environments/gnome/dconf.nix @@ -0,0 +1,3 @@ +_: { + programs.dconf.enable = true; +} diff --git a/nixos/roles/gnome/gnome.nix b/nixos/environments/gnome/packages.nix similarity index 68% rename from nixos/roles/gnome/gnome.nix rename to nixos/environments/gnome/packages.nix index b7c65ff8..a985de30 100644 --- a/nixos/roles/gnome/gnome.nix +++ b/nixos/environments/gnome/packages.nix @@ -1,15 +1,4 @@ -{ - pkgs, - tree, - ... -}: { - imports = with tree.nixos.roles; [ - graphical - ]; - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; +{pkgs, ...}: { environment.gnome.excludePackages = (with pkgs; [ gnome-photos @@ -30,7 +19,6 @@ gnome-contacts gnome-initial-setup ]); - programs.dconf.enable = true; environment.systemPackages = with pkgs; [ gnome.gnome-tweaks gnome-extension-manager diff --git a/nixos/environments/gnome/profile-inheritance.nix b/nixos/environments/gnome/profile-inheritance.nix new file mode 100644 index 00000000..7b615f32 --- /dev/null +++ b/nixos/environments/gnome/profile-inheritance.nix @@ -0,0 +1,9 @@ +{tree, ...}: { + imports = with tree.nixos.profiles; [ + graphical + ]; + + home-manager.users.kat.imports = with tree.home.environments; [ + gnome + ]; +} diff --git a/nixos/environments/gnome/xserver.nix b/nixos/environments/gnome/xserver.nix new file mode 100644 index 00000000..8b4ac196 --- /dev/null +++ b/nixos/environments/gnome/xserver.nix 
@@ -0,0 +1,7 @@ +_: { + services.xserver = { + enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + }; +} diff --git a/nixos/environments/kde/dconf.nix b/nixos/environments/kde/dconf.nix new file mode 100644 index 00000000..7b53db51 --- /dev/null +++ b/nixos/environments/kde/dconf.nix @@ -0,0 +1,3 @@ +_: { + programs.dconf.enable = true; +} diff --git a/nixos/environments/kde/profile-inheritance.nix b/nixos/environments/kde/profile-inheritance.nix new file mode 100644 index 00000000..c6333ff4 --- /dev/null +++ b/nixos/environments/kde/profile-inheritance.nix @@ -0,0 +1,9 @@ +{tree, ...}: { + imports = with tree.nixos.profiles; [ + graphical + ]; + + home-manager.users.kat.imports = with tree.home.environments; [ + kde + ]; +} diff --git a/nixos/environments/kde/xserver.nix b/nixos/environments/kde/xserver.nix new file mode 100644 index 00000000..59a1ca43 --- /dev/null +++ b/nixos/environments/kde/xserver.nix @@ -0,0 +1,7 @@ +_: { + services.xserver = { + enable = true; + displayManager.sddm.enable = true; + desktopManager.plasma5.enable = true; + }; +} diff --git a/nixos/environments/sway/profile-inheritance.nix b/nixos/environments/sway/profile-inheritance.nix new file mode 100644 index 00000000..a534c74a --- /dev/null +++ b/nixos/environments/sway/profile-inheritance.nix @@ -0,0 +1,9 @@ +{tree, ...}: { + imports = with tree.nixos.profiles; [ + graphical + ]; + + home-manager.users.kat.imports = with tree.home.environments; [ + sway + ]; +} diff --git a/nixos/roles/sway/sway.nix b/nixos/environments/sway/sway.nix similarity index 100% rename from nixos/roles/sway/sway.nix rename to nixos/environments/sway/sway.nix diff --git a/nixos/roles/sway/xdg-portals.nix b/nixos/environments/sway/xdg-portals.nix similarity index 100% rename from nixos/roles/sway/xdg-portals.nix rename to nixos/environments/sway/xdg-portals.nix 
diff --git a/nixos/hardware/default.nix b/nixos/hardware/default.nix deleted file mode 100644 index 2d4f0013..00000000 --- a/nixos/hardware/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{tree, ...}: let - profiles = tree.prev; - appendedProfiles = { - common-wifi-bt = { - imports = with profiles; [ - wifi - bluetooth - ]; - }; - laptop = { - imports = with profiles; [ - laptop - sound - ]; - }; - lenovo-thinkpad-x260 = { - imports = with profiles; [ - lenovo-thinkpad-x260 - lenovo-thinkpad-x260-local - appendedProfiles.laptop - appendedProfiles.common-wifi-bt - ]; - }; - }; -in - profiles // appendedProfiles diff --git a/nixos/hardware/intel.nix b/nixos/hardware/intel.nix new file mode 100644 index 00000000..ccd4a462 --- /dev/null +++ b/nixos/hardware/intel.nix @@ -0,0 +1,11 @@ +{ + config, + lib, + ... +}: let + inherit (lib.modules) mkIf; +in { + config = mkIf (config.machine.cpuVendor == "intel") { + boot.kernelModules = ["kvm-intel"]; + }; +} diff --git a/nixos/hardware/laptop.nix b/nixos/hardware/laptop.nix deleted file mode 100644 index 01c6c799..00000000 --- a/nixos/hardware/laptop.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - pkgs, - ... -}: let - inherit (lib.modules) mkDefault; -in { - powerManagement.cpuFreqGovernor = mkDefault "powersave"; - programs.light.enable = true; - home-manager.sharedModules = [ - { - programs.waybar.settings.main = { - modules-right = [ - "backlight" - "battery" - ]; - backlight = { - format = " {percent}%"; - on-scroll-up = "${pkgs.light}/bin/light -A 1"; - on-scroll-down = "${pkgs.light}/bin/light -U 1"; - }; - battery = { - states = { - good = 90; - warning = 30; - critical = 15; - }; - format = "{icon} {capacity}%"; - format-charging = " {capacity}%"; - format-plugged = " {capacity}%"; - format-alt = "{icon} {time}"; - format-icons = ["" "" "" "" ""]; - }; - }; - } - ]; -} 
diff --git a/nixos/hardware/lenovo-thinkpad-x260-local.nix b/nixos/hardware/lenovo-thinkpad-x260-local.nix deleted file mode 100644 index 451cb272..00000000 --- a/nixos/hardware/lenovo-thinkpad-x260-local.nix +++ /dev/null @@ -1,17 +0,0 @@ -_: { - boot = { - initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc"]; - kernelModules = ["kvm-intel"]; - }; - home-manager.sharedModules = [ - { - wayland.windowManager.sway.config.input."2:7:SynPS/2_Synaptics_TouchPad" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - click_method = "clickfinger"; - }; - } - ]; -} diff --git a/nixos/hardware/sound.nix b/nixos/hardware/sound.nix deleted file mode 100644 index 7d00c55f..00000000 --- a/nixos/hardware/sound.nix +++ /dev/null @@ -1,45 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [pulsemixer]; - - sound = { - enable = true; - extraConfig = '' - defaults.pcm.rate_converter "speexrate_best" - ''; - }; - hardware.pulseaudio.enable = false; - - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - pulse.enable = true; - alsa.support32Bit = true; - jack.enable = true; - alsa.enable = true; - }; - - home-manager.sharedModules = [ - { - programs.waybar.settings.main = { - modules-right = [ - "pulseaudio" - ]; - pulseaudio = { - format = "{icon} {volume}%"; - format-muted = ""; - on-click = "${pkgs.wezterm}/bin/wezterm start ${pkgs.pulsemixer}/bin/pulsemixer"; - format-icons = { - headphone = ""; - headset = ""; - default = [ - "" - "" - "" - ]; - }; - }; - }; - } - ]; -} diff --git a/nixos/profiles/bootable/loader-config-limit.nix b/nixos/profiles/bootable/loader-config-limit.nix new file mode 100644 index 00000000..8c692329 --- /dev/null +++ b/nixos/profiles/bootable/loader-config-limit.nix @@ -0,0 +1,8 @@ +_: { + boot = { + loader = { + grub.configurationLimit = 8; + systemd-boot.configurationLimit = 8; + }; + }; +} 
diff --git a/nixos/profiles/bootable/sysctl.nix b/nixos/profiles/bootable/sysctl.nix
new file mode 100644
index 00000000..c7a91329
--- /dev/null
+++ b/nixos/profiles/bootable/sysctl.nix
@@ -0,0 +1,15 @@
+{lib, ...}: let
+ inherit (lib.modules) mkDefault;
+in {
+ boot = {
+ kernel.sysctl = {
+ "fs.inotify.max_user_watches" = 524288;
+ "net.core.rmem_max" = 16777216;
+ "net.core.wmem_max" = 16777216;
+ "net.ipv4.tcp_rmem" = "4096 87380 16777216";
+ "net.ipv4.tcp_wmem" = "4096 65536 16777216";
+ "net.ipv4.ip_forward" = mkDefault "1";
+ "net.ipv6.conf.all.forwarding" = "1";
+ };
+ };
+}
diff --git a/nixos/profiles/bootable/tmp.nix b/nixos/profiles/bootable/tmp.nix
new file mode 100644
index 00000000..80877bcc
--- /dev/null
+++ b/nixos/profiles/bootable/tmp.nix
@@ -0,0 +1,8 @@
+_: {
+ boot = {
+ tmp = {
+ tmpfsSize = "80%";
+ useTmpfs = true;
+ };
+ };
+}
diff --git a/nixos/profiles/bootable/zfs.nix b/nixos/profiles/bootable/zfs.nix
new file mode 100644
index 00000000..8c3c3bff
--- /dev/null
+++ b/nixos/profiles/bootable/zfs.nix
@@ -0,0 +1,14 @@
+{
+ std,
+ config,
+ lib,
+ ...
+}: let
+ inherit (std) list;
+ inherit (lib.modules) mkDefault mkIf;
+in {
+ boot = mkIf (list.elem "zfs" config.boot.supportedFilesystems) {
+ kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages;
+ zfs.enableUnstable = true;
+ };
+}
diff --git a/nixos/roles/gaming/steam.nix b/nixos/profiles/gaming/steam.nix
similarity index 100%
rename from nixos/roles/gaming/steam.nix
rename to nixos/profiles/gaming/steam.nix
diff --git a/nixos/roles/graphical/dns.nix b/nixos/profiles/graphical/dns.nix
similarity index 100%
rename from nixos/roles/graphical/dns.nix
rename to nixos/profiles/graphical/dns.nix
diff --git a/nixos/roles/graphical/fonts.nix b/nixos/profiles/graphical/fonts.nix
similarity index 100%
rename from nixos/roles/graphical/fonts.nix
rename to nixos/profiles/graphical/fonts.nix
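Review bot: The two forwarding sysctls at the end of `kernel.sysctl` in nixos/profiles/bootable/sysctl.nix turn every host that imports `bootable` into a router, and both the graphical and the server profile-inheritance.nix files in this patch import it, so laptops are included; nothing in the file says why forwarding is needed. The IPv6 line is also not wrapped like the IPv4 one, so a host would presumably need `mkForce` to turn it off, and with `all.forwarding` at 1 the kernel ignores router advertisements unless `accept_ra` is 2. I would write `"net.ipv6.conf.all.forwarding" = mkDefault "1";` and put a comment above the pair such as `# Forwarding is on for <reason>; set both to "0" on hosts that must not route`. Moving the pair into a profile that only routing hosts import would be tighter still.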
diff --git a/nixos/roles/graphical/gpg.nix b/nixos/profiles/graphical/gpg.nix similarity index 100% rename from nixos/roles/graphical/gpg.nix rename to nixos/profiles/graphical/gpg.nix diff --git a/nixos/roles/graphical/hardware.nix b/nixos/profiles/graphical/hardware.nix similarity index 100% rename from nixos/roles/graphical/hardware.nix rename to nixos/profiles/graphical/hardware.nix diff --git a/nixos/roles/graphical/nfs.nix b/nixos/profiles/graphical/nfs.nix similarity index 100% rename from nixos/roles/graphical/nfs.nix rename to nixos/profiles/graphical/nfs.nix diff --git a/nixos/roles/graphical/packages.nix b/nixos/profiles/graphical/packages.nix similarity index 100% rename from nixos/roles/graphical/packages.nix rename to nixos/profiles/graphical/packages.nix diff --git a/nixos/roles/graphical/pam.nix b/nixos/profiles/graphical/pam.nix similarity index 100% rename from nixos/roles/graphical/pam.nix rename to nixos/profiles/graphical/pam.nix diff --git a/nixos/profiles/graphical/profile-inheritance.nix b/nixos/profiles/graphical/profile-inheritance.nix new file mode 100644 index 00000000..97b86566 --- /dev/null +++ b/nixos/profiles/graphical/profile-inheritance.nix @@ -0,0 +1,5 @@ +{tree, ...}: { + imports = with tree.nixos.profiles; [ + bootable + ]; +} diff --git a/nixos/roles/graphical/qt.nix b/nixos/profiles/graphical/qt.nix similarity index 100% rename from nixos/roles/graphical/qt.nix rename to nixos/profiles/graphical/qt.nix diff --git a/nixos/profiles/graphical/sound.nix b/nixos/profiles/graphical/sound.nix new file mode 100644 index 00000000..8fa25f83 --- /dev/null +++ b/nixos/profiles/graphical/sound.nix 
@@ -0,0 +1,21 @@
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [pulsemixer];
+
+ sound = {
+ enable = true;
+ extraConfig = ''
+ defaults.pcm.rate_converter "speexrate_best"
+ '';
+ };
+ hardware.pulseaudio.enable = false;
+
+ security.rtkit.enable = true;
+
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ alsa.support32Bit = true;
+ jack.enable = true;
+ alsa.enable = true;
+ };
+}
diff --git a/nixos/profiles/laptop/power-profiles-daemon.nix b/nixos/profiles/laptop/power-profiles-daemon.nix
new file mode 100644
index 00000000..bce55e3d
--- /dev/null
+++ b/nixos/profiles/laptop/power-profiles-daemon.nix
@@ -0,0 +1,3 @@
+_: {
+ services.power-profiles-daemon.enable = true;
+}
diff --git a/nixos/profiles/laptop/powertop.nix b/nixos/profiles/laptop/powertop.nix
new file mode 100644
index 00000000..f11279db
--- /dev/null
+++ b/nixos/profiles/laptop/powertop.nix
@@ -0,0 +1,3 @@
+_: {
+ powerManagement.powertop.enable = true;
+}
diff --git a/nixos/profiles/laptop/thermald.nix b/nixos/profiles/laptop/thermald.nix
new file mode 100644
index 00000000..53228d61
--- /dev/null
+++ b/nixos/profiles/laptop/thermald.nix
@@ -0,0 +1,11 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib.modules) mkIf;
+in {
+ config = mkIf (config.machine.cpuVendor == "intel") {
+ services.thermald.enable = true;
+ };
+}
diff --git a/nixos/profiles/server/linger.nix b/nixos/profiles/server/linger.nix
new file mode 100644
index 00000000..9f105cbc
--- /dev/null
+++ b/nixos/profiles/server/linger.nix
@@ -0,0 +1,4 @@
+{config, ...}: {
+ # Allow services to persist for a user after their sessions have ran out
+ systemd.tmpfiles.rules = set.mapToValues (username: _: "f /var/lib/systemd/linger/${username}") config.users.users;
+}
diff --git a/nixos/profiles/server/mosh.nix b/nixos/profiles/server/mosh.nix
new file mode 100644
index 00000000..f791f34b
--- /dev/null
+++ b/nixos/profiles/server/mosh.nix
@@ -0,0 +1,3 @@
+_: {
+ programs.mosh.enable = true;
+}
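Review bot: `set` is not in scope in the new nixos/profiles/server/linger.nix: the module takes only `{config, ...}` but its `systemd.tmpfiles.rules` line calls `set.mapToValues`, so evaluation should fail with an undefined variable. The deleted nixos/roles/server.nix took `std` as an argument and had `inherit (std) set;`, which was lost in the split. The header should become `{config, std, ...}: let inherit (std) set; in {`. Separately, the rule is generated for every entry in `config.users.users`, which presumably includes system accounts; a comment saying whether that is intended would help.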
diff --git a/nixos/profiles/server/profile-inheritance.nix b/nixos/profiles/server/profile-inheritance.nix
new file mode 100644
index 00000000..97b86566
--- /dev/null
+++ b/nixos/profiles/server/profile-inheritance.nix
@@ -0,0 +1,5 @@
+{tree, ...}: {
+ imports = with tree.nixos.profiles; [
+ bootable
+ ];
+}
diff --git a/nixos/profiles/server/tailscale.nix b/nixos/profiles/server/tailscale.nix
new file mode 100644
index 00000000..bece5b11
--- /dev/null
+++ b/nixos/profiles/server/tailscale.nix
@@ -0,0 +1,13 @@
+{config, ...}: {
+ # Enable tailscale
+ services.tailscale = {
+ enable = true;
+ };
+
+ # Allow tailscale through firewall
+ networking.firewall = {
+ enable = true;
+ trustedInterfaces = ["tailscale0"];
+ allowedUDPPorts = [config.services.tailscale.port];
+ };
+}
diff --git a/nixos/hardware/bluetooth.nix b/nixos/profiles/wireless/bluetooth.nix
similarity index 100%
rename from nixos/hardware/bluetooth.nix
rename to nixos/profiles/wireless/bluetooth.nix
diff --git a/nixos/profiles/wireless/firewall.nix b/nixos/profiles/wireless/firewall.nix
new file mode 100644
index 00000000..e2f70be3
--- /dev/null
+++ b/nixos/profiles/wireless/firewall.nix
@@ -0,0 +1,11 @@
+_: {
+ firewall = {
+ allowedUDPPorts = [5353]; # MDNS
+ allowedUDPPortRanges = [
+ {
+ from = 32768;
+ to = 60999;
+ }
+ ]; # Chromecast
+ };
+}
diff --git a/nixos/hardware/wifi.nix b/nixos/profiles/wireless/wifi.nix
similarity index 72%
rename from nixos/hardware/wifi.nix
rename to nixos/profiles/wireless/wifi.nix
index aa20214a..16c93606 100644
--- a/nixos/hardware/wifi.nix
+++ b/nixos/profiles/wireless/wifi.nix
@@ -8,16 +8,8 @@ in {
 systemd.services.NetworkManager-wait-online = {
 serviceConfig.ExecStart = ["" "${pkgs.networkmanager}/bin/nm-online -q"];
 };
+
 networking = {
- firewall = {
- allowedUDPPorts = [5353]; # MDNS
- allowedUDPPortRanges = [
- {
- from = 32768;
- to = 60999;
- }
- ]; # Ephemeral / Chromecast
- };
 networkmanager = {
 enable = true;
 connectionConfig = {
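Review bot: `trustedInterfaces = ["tailscale0"]` in nixos/profiles/server/tailscale.nix makes the firewall accept every port from the tailnet, so on servers the nftables rules only filter non-Tailscale traffic, and what tailnet peers can reach is decided by the tailnet ACLs alone. The comment `# Allow tailscale through firewall` undersells that; I would reword it to `# Trust all traffic arriving on tailscale0; peer access is controlled by tailnet ACLs, not this firewall`. `services.tailscale.enable = true` is also set by the new nixos/common/tailscale.nix in this patch, so the `services.tailscale` block here looks redundant if servers import `common` (not visible in this hunk).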
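Review bot: The new nixos/profiles/wireless/firewall.nix sets `firewall = {` at the top level of the module, whereas the block removed from wifi.nix in the next hunk sat inside `networking = {`; NixOS has no top-level `firewall` option as far as I know, so this should fail evaluation instead of opening the ports. The second line should read `networking.firewall = {`. While moving it, note that 32768–60999 is the whole default ephemeral UDP range and is opened on every interface; the `Ephemeral /` half of the old comment was dropped and is worth keeping. If only the Wi-Fi link needs it, `networking.firewall.interfaces.<wlan-iface>.allowedUDPPortRanges` would scope the rule.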
diff --git a/nixos/roles/bootable.nix b/nixos/roles/bootable.nix deleted file mode 100644 index 2fa469f2..00000000 --- a/nixos/roles/bootable.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - lib, - std, - ... -}: let - inherit (lib.modules) mkDefault mkIf mkMerge; - inherit (std) list; -in { - boot = mkMerge [ - { - kernel.sysctl = { - "fs.inotify.max_user_watches" = 524288; - "net.core.rmem_max" = 16777216; - "net.core.wmem_max" = 16777216; - "net.ipv4.tcp_rmem" = "4096 87380 16777216"; - "net.ipv4.tcp_wmem" = "4096 65536 16777216"; - "net.ipv4.ip_forward" = mkDefault "1"; - "net.ipv6.conf.all.forwarding" = "1"; - }; - loader = { - grub.configurationLimit = 8; - systemd-boot.configurationLimit = 8; - }; - tmp = { - tmpfsSize = "80%"; - useTmpfs = true; - }; - } - (mkIf (list.elem "zfs" config.boot.supportedFilesystems) { - kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages; - zfs.enableUnstable = true; - }) - ]; -} diff --git a/nixos/roles/graphical/bootable.nix b/nixos/roles/graphical/bootable.nix deleted file mode 100644 index c2dafdde..00000000 --- a/nixos/roles/graphical/bootable.nix +++ /dev/null @@ -1,5 +0,0 @@ -{tree, ...}: { - imports = with tree.nixos.roles; [ - bootable - ]; -} diff --git a/nixos/roles/kde/kde.nix b/nixos/roles/kde/kde.nix deleted file mode 100644 index dac7c0b4..00000000 --- a/nixos/roles/kde/kde.nix +++ /dev/null @@ -1,10 +0,0 @@ -{tree, ...}: { - imports = with tree.nixos.roles; [ - graphical - ]; - - services.xserver.enable = true; - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - programs.dconf.enable = true; -} diff --git a/nixos/roles/minecraft-server.nix b/nixos/roles/minecraft-server.nix deleted file mode 100644 index 978f4220..00000000 --- a/nixos/roles/minecraft-server.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - pkgs, - inputs, - lib, - ... -}: { - networking.firewall = { - allowedTCPPorts = [25565 8123]; - }; - services.minecraft-servers = { - enable = false; - eula = false; - environmentFile = pkgs.writeText "aaaa" '' - QUILT_LOADER_DISABLE_BEACON=true - ''; - servers.arkamew = let - modpack = inputs.minecraft.legacyPackages.${pkgs.system}.fetchPackwizModpack { - url = "https://github.com/kittywitch/arka-modpack/raw/main/pack.toml"; - packHash = "sha256-b198Q2eCf8xN3X6SJEIbFZB/PxC4vYcjiQSoeVjWyEk="; - manifestHash = "sha256:17lg9syx1ddggyq2h8a92frg4lpr2xc7ryh30bniv9dhymr0vc23"; - side = "both"; - }; - mcVersion = modpack.manifest.versions.minecraft; - quiltVersion = modpack.manifest.versions.quilt; - serverVersion = lib.replaceStrings ["."] ["_"] "quilt-${mcVersion}-${quiltVersion}"; - in { - enable = false; - autoStart = true; - openFirewall = true; - whitelist = { - katrynn = "356d8cf2-246a-4c07-b547-422aea06c0ab"; - arcnmx = "e9244315-848c-424a-b004-ae5305449fee"; - }; - jvmOpts = "-Xmx4G -Xms1G"; - serverProperties = { - server-port = 25565; - gamemode = 0; - difficulty = 1; - white-list = true; - motd = "Kat & Abby Minecraft"; - }; - symlinks = { - mods = "${modpack}/mods"; - }; - package = inputs.minecraft.legacyPackages.${pkgs.system}.quiltServers.${serverVersion}; - }; - }; -} diff --git a/nixos/roles/server.nix b/nixos/roles/server.nix deleted file mode 100644 index 6becfcbd..00000000 --- a/nixos/roles/server.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - std, - config, - tree, - ... -}: let - inherit (std) set; -in { - imports = with tree.nixos.roles; [ - bootable - ]; - - systemd.tmpfiles.rules = set.mapToValues (username: _: "f /var/lib/systemd/linger/${username}") config.users.users; - - networking.firewall = { - enable = true; - trustedInterfaces = ["tailscale0"]; - allowedUDPPorts = [config.services.tailscale.port]; - }; - - services.tailscale = { - enable = true; - }; - - programs.mosh.enable = true; -} 
diff --git a/nixos/roles/matrix-homeserver/nginx.nix b/nixos/servers/matrix-homeserver/nginx.nix
similarity index 61%
rename from nixos/roles/matrix-homeserver/nginx.nix
rename to nixos/servers/matrix-homeserver/nginx.nix
index 3a30ef05..ebf54966 100644
--- a/nixos/roles/matrix-homeserver/nginx.nix
+++ b/nixos/servers/matrix-homeserver/nginx.nix
@@ -6,11 +6,13 @@ in {
 "${fqdn}" = {
 enableACME = true;
 forceSSL = true;
- locations."/".extraConfig = ''
- return 404;
- '';
- locations."/_matrix".proxyPass = "http://[::1]:8008";
- locations."/_synapse".proxyPass = "http://[::1]:8008";
+ locations = {
+ "/".extraConfig = ''
+ return 404;
+ '';
+ "/_matrix".proxyPass = "http://[::1]:8008";
+ "/_synapse".proxyPass = "http://[::1]:8008";
+ };
 extraConfig = ''
 http2_max_requests 100000;
 keepalive_requests 100000;
diff --git a/nixos/roles/matrix-homeserver/scalpel.nix b/nixos/servers/matrix-homeserver/scalpel.nix
similarity index 100%
rename from nixos/roles/matrix-homeserver/scalpel.nix
rename to nixos/servers/matrix-homeserver/scalpel.nix
diff --git a/nixos/roles/matrix-homeserver/secrets.nix b/nixos/servers/matrix-homeserver/secrets.nix
similarity index 100%
rename from nixos/roles/matrix-homeserver/secrets.nix
rename to nixos/servers/matrix-homeserver/secrets.nix
diff --git a/nixos/roles/matrix-homeserver/secrets.yaml b/nixos/servers/matrix-homeserver/secrets.yaml
similarity index 100%
rename from nixos/roles/matrix-homeserver/secrets.yaml
rename to nixos/servers/matrix-homeserver/secrets.yaml
diff --git a/nixos/roles/matrix-homeserver/synapse.nix b/nixos/servers/matrix-homeserver/synapse.nix
similarity index 100%
rename from nixos/roles/matrix-homeserver/synapse.nix
rename to nixos/servers/matrix-homeserver/synapse.nix
diff --git a/nixos/roles/monica-server.nix b/nixos/servers/monica-server.nix
similarity index 100%
rename from nixos/roles/monica-server.nix
rename to nixos/servers/monica-server.nix
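Review bot: The rewritten `locations` set in matrix-homeserver/nginx.nix still proxies the whole `/_synapse` prefix, which puts the Synapse admin API under `/_synapse/admin` on the public virtual host alongside the client endpoints. Synapse's reverse-proxy guidance is, as I recall it, to forward only `/_matrix` and `/_synapse/client`, so the entry could be `"/_synapse/client".proxyPass = "http://[::1]:8008";`. If the admin API has to be reachable remotely, a separate location restricted to the management network is the safer shape. The virtual-host block starts before and continues after this hunk, so other restrictions may exist outside my view.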
diff --git a/nixos/roles/monitoring-server/grafana.nix b/nixos/servers/monitoring-server/grafana.nix similarity index 87% rename from nixos/roles/monitoring-server/grafana.nix rename to nixos/servers/monitoring-server/grafana.nix index 77f3f7aa..d741b775 100644 --- a/nixos/roles/monitoring-server/grafana.nix +++ b/nixos/servers/monitoring-server/grafana.nix @@ -1,8 +1,4 @@ -{ - config, - pkgs, - ... -}: { +_: { services.grafana = { enable = true; settings.server = { diff --git a/nixos/roles/monitoring-server/nginx.nix b/nixos/servers/monitoring-server/nginx.nix similarity index 100% rename from nixos/roles/monitoring-server/nginx.nix rename to nixos/servers/monitoring-server/nginx.nix diff --git a/nixos/roles/monitoring-server/prometheus.nix b/nixos/servers/monitoring-server/prometheus.nix similarity index 100% rename from nixos/roles/monitoring-server/prometheus.nix rename to nixos/servers/monitoring-server/prometheus.nix diff --git a/nixos/roles/monitoring-server/scalpel.nix b/nixos/servers/monitoring-server/scalpel.nix similarity index 100% rename from nixos/roles/monitoring-server/scalpel.nix rename to nixos/servers/monitoring-server/scalpel.nix diff --git a/nixos/roles/monitoring-server/secrets.nix b/nixos/servers/monitoring-server/secrets.nix similarity index 100% rename from nixos/roles/monitoring-server/secrets.nix rename to nixos/servers/monitoring-server/secrets.nix diff --git a/nixos/roles/monitoring-server/secrets.yaml b/nixos/servers/monitoring-server/secrets.yaml similarity index 100% rename from nixos/roles/monitoring-server/secrets.yaml rename to nixos/servers/monitoring-server/secrets.yaml diff --git a/nixos/roles/monitoring-server/synapse-v2.rules b/nixos/servers/monitoring-server/synapse-v2.rules similarity index 100% rename from nixos/roles/monitoring-server/synapse-v2.rules rename to nixos/servers/monitoring-server/synapse-v2.rules 
diff --git a/nixos/roles/monitoring-server/telegraf.nix b/nixos/servers/monitoring-server/telegraf.nix similarity index 100% rename from nixos/roles/monitoring-server/telegraf.nix rename to nixos/servers/monitoring-server/telegraf.nix diff --git a/nixos/roles/postgres-server.nix b/nixos/servers/postgres-server.nix similarity index 100% rename from nixos/roles/postgres-server.nix rename to nixos/servers/postgres-server.nix diff --git a/nixos/roles/public-directory.nix b/nixos/servers/public-directory.nix similarity index 98% rename from nixos/roles/public-directory.nix rename to nixos/servers/public-directory.nix index 9845cacb..0b3c2e5e 100644 --- a/nixos/roles/public-directory.nix +++ b/nixos/servers/public-directory.nix @@ -1,4 +1,4 @@ -{config, ...}: { +_: { services.nginx = { virtualHosts = { "public.gensokyo.zone" = { diff --git a/nixos/roles/vaultwarden-server/nginx.nix b/nixos/servers/vaultwarden-server/nginx.nix similarity index 100% rename from nixos/roles/vaultwarden-server/nginx.nix rename to nixos/servers/vaultwarden-server/nginx.nix diff --git a/nixos/roles/vaultwarden-server/postgres.nix b/nixos/servers/vaultwarden-server/postgres.nix similarity index 100% rename from nixos/roles/vaultwarden-server/postgres.nix rename to nixos/servers/vaultwarden-server/postgres.nix diff --git a/nixos/roles/vaultwarden-server/scalpel.nix b/nixos/servers/vaultwarden-server/scalpel.nix similarity index 100% rename from nixos/roles/vaultwarden-server/scalpel.nix rename to nixos/servers/vaultwarden-server/scalpel.nix diff --git a/nixos/roles/vaultwarden-server/secrets.yaml b/nixos/servers/vaultwarden-server/secrets.yaml similarity index 100% rename from nixos/roles/vaultwarden-server/secrets.yaml rename to nixos/servers/vaultwarden-server/secrets.yaml 
diff --git a/nixos/roles/vaultwarden-server/vaultwarden.nix b/nixos/servers/vaultwarden-server/vaultwarden.nix similarity index 100% rename from nixos/roles/vaultwarden-server/vaultwarden.nix rename to nixos/servers/vaultwarden-server/vaultwarden.nix diff --git a/nixos/roles/irc-client/nginx.nix b/nixos/servers/web-irc-client/nginx.nix similarity index 100% rename from nixos/roles/irc-client/nginx.nix rename to nixos/servers/web-irc-client/nginx.nix diff --git a/nixos/roles/irc-client/thelounge.nix b/nixos/servers/web-irc-client/thelounge.nix similarity index 100% rename from nixos/roles/irc-client/thelounge.nix rename to nixos/servers/web-irc-client/thelounge.nix diff --git a/nixos/roles/web-server/acme.nix b/nixos/servers/web-server/acme.nix similarity index 100% rename from nixos/roles/web-server/acme.nix rename to nixos/servers/web-server/acme.nix diff --git a/nixos/roles/web-server/firewall.nix b/nixos/servers/web-server/firewall.nix similarity index 100% rename from nixos/roles/web-server/firewall.nix rename to nixos/servers/web-server/firewall.nix diff --git a/nixos/roles/web-server/nginx.nix b/nixos/servers/web-server/nginx.nix similarity index 100% rename from nixos/roles/web-server/nginx.nix rename to nixos/servers/web-server/nginx.nix diff --git a/nixos/roles/web-server/scalpel.nix b/nixos/servers/web-server/scalpel.nix similarity index 100% rename from nixos/roles/web-server/scalpel.nix rename to nixos/servers/web-server/scalpel.nix diff --git a/nixos/roles/web-server/secrets.nix b/nixos/servers/web-server/secrets.nix similarity index 100% rename from nixos/roles/web-server/secrets.nix rename to nixos/servers/web-server/secrets.nix diff --git a/nixos/roles/web-server/secrets.yaml b/nixos/servers/web-server/secrets.yaml similarity index 100% rename from nixos/roles/web-server/secrets.yaml rename to nixos/servers/web-server/secrets.yaml diff --git a/systems/chen.nix b/systems/chen.nix index 49c778eb..353065f5 100644 --- a/systems/chen.nix 
+++ b/systems/chen.nix @@ -4,9 +4,8 @@ _: let tree, inputs, ... - }: - let - inherit (lib.modules) mkForce; + }: let + inherit (lib.modules) mkForce; in { imports = with tree; [ inputs.wsl.nixosModules.wsl 
@@ -76,61 +75,61 @@ _: let services.gpg-agent.enable = false; programs.git.signing.gpgPath = "/mnt/c/Program Files (x86)/GnuPG/bin/gpg.exe"; programs.zsh.profileExtra = '' -if [[ -n "$XDG_SESSION_ID" && "$TERM" == "dumb" && - "$(ps -p $PPID -o comm=)" == "login" ]]; then - # Running in the background login process. Do nothing. - return -fi -gpg-connect-agent killagent /bye &> /dev/null -WIN_USER="kat" -SSH_DIR="''${HOME}/.ssh" # -mkdir -p "''${SSH_DIR}" -wsl2_ssh_pageant_bin="''${SSH_DIR}/wsl2-ssh-pageant.exe" -ln -sf "/mnt/c/Users/''${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "''${wsl2_ssh_pageant_bin}" + if [[ -n "$XDG_SESSION_ID" && "$TERM" == "dumb" && + "$(ps -p $PPID -o comm=)" == "login" ]]; then + # Running in the background login process. Do nothing. + return + fi + gpg-connect-agent killagent /bye &> /dev/null + WIN_USER="kat" + SSH_DIR="''${HOME}/.ssh" # + mkdir -p "''${SSH_DIR}" + wsl2_ssh_pageant_bin="''${SSH_DIR}/wsl2-ssh-pageant.exe" + ln -sf "/mnt/c/Users/''${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "''${wsl2_ssh_pageant_bin}" -listen_socket() { - sock_path="$1" && shift - fork_args="''${sock_path},fork" - exec_args="''${wsl2_ssh_pageant_bin} $@" + listen_socket() { + sock_path="$1" && shift + fork_args="''${sock_path},fork" + exec_args="''${wsl2_ssh_pageant_bin} $@" - if ! ps x | grep -v grep | grep -q "''${fork_args}"; then - rm -f "''${sock_path}" - (setsid nohup socat "UNIX-LISTEN:''${fork_args}" "EXEC:''${exec_args}" &>/dev/null &) - fi -} + if ! 
ps x | grep -v grep | grep -q "''${fork_args}"; then + rm -f "''${sock_path}" + (setsid nohup socat "UNIX-LISTEN:''${fork_args}" "EXEC:''${exec_args}" &>/dev/null &) + fi + } -# SSH -export SSH_AUTH_SOCK="''${SSH_DIR}/agent.sock" -listen_socket "''${SSH_AUTH_SOCK}" + # SSH + export SSH_AUTH_SOCK="''${SSH_DIR}/agent.sock" + listen_socket "''${SSH_AUTH_SOCK}" -# GPG -export GPG_AGENT_SOCK="''$(gpgconf --list-dirs socketdir)/S.gpg-agent" + # GPG + export GPG_AGENT_SOCK="''$(gpgconf --list-dirs socketdir)/S.gpg-agent" -if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then - echo "1" - rm -rf "$GPG_AGENT_SOCK" - if test -x "$wsl2_ssh_pageant_bin"; then - (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &) - else - echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable." - fi -fi -export GPG_AGENT_SOCK="/home/kat/.gnupg/S.gpg-agent" + if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then + echo "1" + rm -rf "$GPG_AGENT_SOCK" + if test -x "$wsl2_ssh_pageant_bin"; then + (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &) + else + echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable." + fi + fi + export GPG_AGENT_SOCK="/home/kat/.gnupg/S.gpg-agent" -if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then - echo "1" - rm -rf "$GPG_AGENT_SOCK" - if test -x "$wsl2_ssh_pageant_bin"; then - (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &) - else - echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable." - fi -fi - unset wsl2_ssh_pageant_bin + if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then + echo "1" + rm -rf "$GPG_AGENT_SOCK" + if test -x "$wsl2_ssh_pageant_bin"; then + (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &) + else + echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable." 
+ fi + fi + unset wsl2_ssh_pageant_bin ''; }; - programs.gnupg.agent.pinentryFlavor = mkForce "curses"; + programs.gnupg.agent.pinentryFlavor = mkForce "curses"; networking = { hostId = "dddbb888"; diff --git a/systems/default.nix b/systems/default.nix index c1972e52..773959cf 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -70,10 +70,13 @@ } .${string.toLower config.type}; modules = with tree; [ + # per-OS modules tree.modules.${config.folder} - #tree.modules.common + # per-OS configuration tree.${config.folder}.common - tree.kat.user.${config.folder} + # per-OS user definition + tree.home.user.${config.folder} + # the base common module common ]; builder = diff --git a/systems/goliath.nix b/systems/goliath.nix index 864534ee..105bf417 100644 --- a/systems/goliath.nix +++ b/systems/goliath.nix @@ -8,20 +8,27 @@ _: let }: let inherit (lib.modules) mkDefault; in { - imports = with tree.nixos.hardware; - [ - common-wifi-bt - sound - ] - ++ (with tree.nixos.roles; [ - kde + imports = + (with tree.nixos.profiles; [ + graphical gaming ]) - ++ (with tree.kat; [ - gui + ++ (with tree.nixos.environments; [ kde + ]) + ++ (with tree.home.profiles; [ + devops + graphical + wireless ]); + machine = { + cpuVendor = "amd"; + }; + + # to-do: add this and kvm-amd to automation + hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; + environment.systemPackages = with pkgs; [ fd # fd, better fine! ripgrep # rg, better grep! 
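Review bot: In the `systems/goliath.nix` hunk `@@ -8,20 +8,27 @@`, the last list appended to the NixOS-level `imports` takes `devops`, `graphical` and `wireless` from `tree.home.profiles`, whereas `systems/koishi.nix` and `systems/sumireko.nix` in this same patch attach `tree.home.profiles` through `home-manager.users.kat.imports`, and koishi takes `wireless` from `tree.nixos.profiles`. If these are home-manager modules, evaluating them as NixOS modules here will most likely fail on unknown options; the intent looks like `home-manager.users.kat.imports = with tree.home.profiles; [devops graphical];` with `wireless` moved into the `tree.nixos.profiles` list. The hunk also drops the `common-wifi-bt` and `sound` hardware imports, so confirm the new profiles cover what they configured. The enclosing module starts and ends outside the hunk.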
@@ -35,19 +42,32 @@ _: let k9s ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelParams = [ - "amdgpu.gpu_recovery=1" - ]; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; - boot.supportedFilesystems = ["ntfs"]; - nixpkgs.hostPlatform = mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; + boot = { + loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + }; + # Enable swap on luks + boot.initrd = { + luks.devices = { + "luks-111c4857-5d73-4e75-89c7-43be9b044ade".device = "/dev/disk/by-uuid/111c4857-5d73-4e75-89c7-43be9b044ade"; + "luks-111c4857-5d73-4e75-89c7-43be9b044ade".keyFile = "/crypto_keyfile.bin"; + "luks-af144e7f-e35b-49e7-be90-ef7001cc2abd".device = "/dev/disk/by-uuid/af144e7f-e35b-49e7-be90-ef7001cc2abd"; + }; + availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + secrets = { + "/crypto_keyfile.bin" = null; + }; + }; + kernelParams = [ + "amdgpu.gpu_recovery=1" + ]; + kernelModules = ["kvm-amd"]; + supportedFilesystems = ["ntfs"]; + }; fileSystems = { "/" = { @@ -60,15 +80,6 @@ _: let }; }; - boot.initrd.secrets = { - "/crypto_keyfile.bin" = null; - }; - - # Enable swap on luks - boot.initrd.luks.devices."luks-111c4857-5d73-4e75-89c7-43be9b044ade".device = "/dev/disk/by-uuid/111c4857-5d73-4e75-89c7-43be9b044ade"; - boot.initrd.luks.devices."luks-111c4857-5d73-4e75-89c7-43be9b044ade".keyFile = "/crypto_keyfile.bin"; - boot.initrd.luks.devices."luks-af144e7f-e35b-49e7-be90-ef7001cc2abd".device = "/dev/disk/by-uuid/af144e7f-e35b-49e7-be90-ef7001cc2abd"; - services.openssh = { hostKeys = [ { 
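Review bot: The added `boot.initrd = {` line sits inside the new `boot = {` attrset, so it defines `boot.boot.initrd.*` instead of `boot.initrd.*`; NixOS has no `boot.boot` option, so evaluation should fail, and the LUKS devices, the `/crypto_keyfile.bin` secret and `availableKernelModules` never reach the real initrd options. The line should read `initrd = {`. The hunk also removes `nixpkgs.hostPlatform = mkDefault "x86_64-linux";` with no replacement visible here; presumably the new `machine` module sets it, which is worth confirming. Carried over unchanged from the old code, `secrets."/crypto_keyfile.bin"` embeds the LUKS keyfile in an initrd that systemd-boot loads from `/boot/efi`, so check that the key for `luks-111c4857-5d73-4e75-89c7-43be9b044ade` does not end up readable on an unencrypted ESP.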
diff --git a/systems/koishi.nix b/systems/koishi.nix index ca118e8d..87c5892e 100644 --- a/systems/koishi.nix +++ b/systems/koishi.nix @@ -1,25 +1,20 @@ _: let - hostConfig = { - config, - tree, - ... - }: { - imports = with tree.nixos.hardware; - [ - lenovo-thinkpad-x260 - common-pc-laptop-ssd - ] - ++ (with tree.nixos.roles; [ + hostConfig = {tree, ...}: { + imports = + (with tree.nixos.profiles; [ graphical - kde + wireless laptop ]) - ++ (with tree; [ - kat.gui - kat.vscode - kat.kde + ++ (with tree.nixos.environments; [ + kde ]); + home-manager.users.kat.imports = with tree.home.profiles; [ + graphical + devops + ]; + fileSystems = { "/" = { device = "/dev/disk/by-uuid/a664de0f-9883-420e-acc5-b9602a23e816"; @@ -31,6 +26,10 @@ _: let }; }; + machine = { + cpuVendor = "intel"; + }; + networking.networkmanager.wifi.backend = "iwd"; swapDevices = [ @@ -39,7 +38,10 @@ _: let boot = { supportedFilesystems = ["xfs"]; - initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105"; + initrd = { + availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc"]; + luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105"; + }; loader = { efi = { canTouchEfiVariables = true; diff --git a/systems/renko.nix b/systems/renko.nix index f627e3c6..84502953 100644 --- a/systems/renko.nix +++ b/systems/renko.nix @@ -1,7 +1,6 @@ _: let hostConfig = { lib, - tree, pkgs, inputs, ... 
@@ -67,25 +66,27 @@ _: let services.openssh.enable = true; # systemd - systemd.services."systemd-oomd".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-resolved".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-userdbd".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-udevd".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-timesyncd".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-timedated".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-portabled".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-nspawn@".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-networkd".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-machined".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-localed".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-logind".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-journald@".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-journald".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-journal-remote".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-journal-upload".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-importd".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-hostnamed".serviceConfig.WatchdogSec = 0; - systemd.services."systemd-homed".serviceConfig.WatchdogSec = 0; + systemd.services = { + "systemd-oomd".serviceConfig.WatchdogSec = 0; + "systemd-resolved".serviceConfig.WatchdogSec = 0; + "systemd-userdbd".serviceConfig.WatchdogSec = 0; + "systemd-udevd".serviceConfig.WatchdogSec = 0; + "systemd-timesyncd".serviceConfig.WatchdogSec = 0; + "systemd-timedated".serviceConfig.WatchdogSec = 0; + "systemd-portabled".serviceConfig.WatchdogSec = 0; + "systemd-nspawn@".serviceConfig.WatchdogSec = 0; + "systemd-networkd".serviceConfig.WatchdogSec = 0; + "systemd-machined".serviceConfig.WatchdogSec = 0; + "systemd-localed".serviceConfig.WatchdogSec = 0; + 
"systemd-logind".serviceConfig.WatchdogSec = 0; + "systemd-journald@".serviceConfig.WatchdogSec = 0; + "systemd-journald".serviceConfig.WatchdogSec = 0; + "systemd-journal-remote".serviceConfig.WatchdogSec = 0; + "systemd-journal-upload".serviceConfig.WatchdogSec = 0; + "systemd-importd".serviceConfig.WatchdogSec = 0; + "systemd-hostnamed".serviceConfig.WatchdogSec = 0; + "systemd-homed".serviceConfig.WatchdogSec = 0; + }; # package installation: not needed diff --git a/systems/sumireko.nix b/systems/sumireko.nix index 85248f98..5eb5b78e 100644 --- a/systems/sumireko.nix +++ b/systems/sumireko.nix 
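Review bot: The regrouped `systemd.services` block sets `WatchdogSec = 0` on nineteen of systemd's own units with only `# systemd` above it, so nothing records why the watchdogs are off. With the watchdog disabled, a hung `systemd-journald` or `systemd-logind` is no longer caught by the service manager, so the block deserves a one-line reason such as `# watchdog disabled for systemd daemons: <reason>`. Since the attrset is being rewritten anyway, the repetition could collapse to `systemd.services = lib.genAttrs ["systemd-oomd" "systemd-resolved" /* … */] (_: {serviceConfig.WatchdogSec = 0;});`, with `lib` already among the module arguments.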
@@ -2,101 +2,40 @@ _: let hostConfig = { tree, pkgs, - inputs, - std, ... - }: let - inherit (std) string; - in { - imports = with tree; [ - kat.work + }: { + imports = with tree.darwin; [ + orbstack ]; + home-manager.users.kat.imports = + (with tree.home.profiles; [ + graphical.gpg + graphical.vscode + graphical.wezterm + ]) + ++ (with tree.home.profiles; [ + devops + ]) + ++ (with tree.home.environments; [ + darwin + ]); + security.pam.enableSudoTouchIdAuth = true; - home-manager.users.root.programs.ssh = { - enable = true; - extraConfig = '' - Host orb - HostName 127.0.0.1 - Port 32222 - User default - IdentityFile /Users/kat/.orbstack/ssh/id_ed25519 - ''; - /* - ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass - ProxyUseFdpass yes - */ - }; - - nix.buildMachines = [ - { - hostName = "nixos@orb"; - system = "aarch64-linux"; - supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; - } - { - hostName = "nixos@orb"; - system = "x86_64-linux"; - supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; - } - ]; - - nix.distributedBuilds = true; - nix.extraOptions = '' - builders-use-substitutes = true - ''; - environment.systemPackages = with pkgs; [ - fd # fd, better fine! - terraform - ripgrep # rg, better grep! 
- deadnix # dead-code scanner - alejandra # code formatter - statix # anti-pattern finder - deploy-rs.deploy-rs # deployment system - rnix-lsp # vscode nix extensions - kubectl # kubernetes - k9s # cute k8s client, canines~ - kubernetes-helm # helm - awscli2 ]; home-manager.users.kat = { home.sessionVariables = { ARTEMISCLI_CONFIG_PATH = "/Users/kat/.artemisconfig"; }; - home.file = { - ".orbstack/ssh/authorized_keys".text = - (string.concatSep "\n" tree.kat.user.data.keys) - + '' - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILW2V8yL2vC/KDmIQdxhEeevKo1vGG18bvMNj9mLL/On - ''; - ".ssh/authorized_keys".text = '' - ${string.concatSep "\n" tree.kat.user.data.keys} - ''; - }; programs = { zsh = { initExtra = '' source <(kubectl completion zsh) ''; }; - ssh = { - enable = true; - extraConfig = '' - Host orb - HostName 127.0.0.1 - Port 32222 - User default - IdentityFile /Users/kat/.orbstack/ssh/id_ed25519 - ''; - /* - ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass - ProxyUseFdpass yes - */ - }; }; }; @@ -113,36 +52,45 @@ _: let "snyk" ]; casks = [ - "barrier" - "bitwarden" - "mullvadvpn" + # Browsers "firefox" - "disk-inventory-x" - "dozer" - "devtoys" - "cyberduck" - "spotify" - "pycharm-ce" - "prismlauncher" - "element" - "logseq" - "slack" - "boop" - "iterm2" - "obsidian" - "contexts" - "rectangle" + "google-chrome" + + # Chat "signal" "telegram" "discord" - "deluge" + "element" + "slack" "keybase" - "anki" + + # Media + "spotify" + "deluge" + + # Exocortex + "obsidian" + + # Security + "bitwarden" + "mullvadvpn" + "pycharm-ce" + + # Development Tools + "iterm2" + "cyberduck" + "boop" + + # Utilities + "disk-inventory-x" + "devtoys" + "contexts" + "rectangle" "syncthing" - "firefox" - "google-chrome" - "orbstack" + "anki" + "bartender" ]; + taps = [ "pulumi/tap" "homebrew/cask-versions" diff --git a/tree.nix b/tree.nix index 04d1de0f..52751fee 100644 
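Review bot: In the `systems/sumireko.nix` hunk `@@ -2,101 +2,40 @@`, `environment.systemPackages = with pkgs; [ ];` is left behind as an empty list once every package line is removed; delete the attribute, and drop `pkgs` from the argument set if nothing further down the file uses it (the rest of the module is outside this hunk). The two consecutive `with tree.home.profiles` groups can be a single list, `(with tree.home.profiles; [graphical.gpg graphical.vscode graphical.wezterm devops])`. The removed `authorized_keys` files and `Host orb` SSH blocks presumably moved to `darwin/orbstack.nix`, which this hunk does not show, so confirm the set of keys allowed to log in is unchanged after the move.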
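Review bot: In the `casks` hunk `@@ -113,36 +52,45 @@`, `"pycharm-ce"` ends up under the new `# Security` comment next to `"bitwarden"` and `"mullvadvpn"`; it reads as a misplaced entry that belongs under `# Development Tools`. The hunk also removes `"orbstack"` from `casks` while the module now imports `tree.darwin.orbstack`, so confirm that module installs the cask, since it is not visible here.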
--- a/tree.nix +++ b/tree.nix @@ -25,26 +25,30 @@ "default" ]; }; - # Required for all-system common imports + common.functor.enable = true; - # Re-map home directory profiles - kat.evaluateDefault = true; - "kat/user".evaluateDefault = true; - "kat/user/data".evaluate = true; - # Allow profile importing + + "home/*".functor.enable = true; + "home/profiles/*".functor.enable = true; + "home/environments/*".functor.enable = true; + "home/user".evaluateDefault = true; + "home/user/data".evaluate = true; + "nixos/*".functor.enable = true; - "nixos/roles/*".functor = { + "nixos/profiles/*".functor = { enable = true; excludes = [ "scalpel" ]; }; + + "darwin/*".functor.enable = true; + + "nixos/environments/*".functor.enable = true; + "systems/*".aliasDefault = true; "packages/*".aliasDefault = true; - "nixos/hardware".evaluateDefault = true; - "nixos/hardware/*".functor.enable = true; - "darwin/*".functor.enable = true; - "kat/*".functor.enable = true; + # Various modules "modules/common" = { functor = {