diff options
| author | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
|---|---|---|
| committer | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
| commit | 9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch) | |
| tree | f28beec29deeea36038615a8fb98a810891940b5 /modules/nixos | |
| parent | 4ad0c3afc1f6caf0c3f05f99a15b22178f2c190b (diff) | |
2024-03-31
Diffstat (limited to 'modules/nixos')
98 files changed, 2777 insertions, 2458 deletions
diff --git a/modules/nixos/acme.nix b/modules/nixos/acme.nix index 49be684..6a75818 100644 --- a/modules/nixos/acme.nix +++ b/modules/nixos/acme.nix @@ -1,13 +1,15 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.acme; -in { +in +{ imports = [ - (mkAliasOptionModule ["certs"] ["security" "acme" "certs"]) + (mkAliasOptionModule [ "certs" ] [ + "security" + "acme" + "certs" + ]) ]; options.nixfiles.modules.acme = { @@ -21,7 +23,7 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/acme"]; + ark.directories = [ "/var/lib/acme" ]; security.acme = { acceptTerms = true; diff --git a/modules/nixos/alertmanager.nix b/modules/nixos/alertmanager.nix index 4d7f2ec..a3457bc 100644 --- a/modules/nixos/alertmanager.nix +++ b/modules/nixos/alertmanager.nix @@ -5,10 +5,12 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.alertmanager; -in { - imports = [inputs.alertmanager-ntfy.nixosModules.default]; +in +{ + imports = [ inputs.alertmanager-ntfy.nixosModules.default ]; options.nixfiles.modules.alertmanager = { enable = mkEnableOption "Alertmanager"; @@ -31,7 +33,7 @@ in { ntfy.enable = true; nginx = { enable = true; - upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://alertmanager"; extraConfig = libNginx.config.internalOnly; @@ -59,16 +61,14 @@ in { route = { receiver = my.username; - group_by = ["alertname"]; + group_by = [ "alertname" ]; }; receivers = [ { name = my.username; webhook_configs = [ - { - url = with config.services.alertmanager-ntfy; "http://${httpAddress}:${httpPort}"; - } + { url = with config.services.alertmanager-ntfy; "http://${httpAddress}:${httpPort}"; } ]; } ]; diff --git a/modules/nixos/android.nix b/modules/nixos/android.nix index 41b7ef9..363bd6c 100644 --- a/modules/nixos/android.nix +++ b/modules/nixos/android.nix @@ -1,16 +1,14 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.android; -in { +in +{ options.nixfiles.modules.android.enable = mkEnableOption "support for Android devices"; config = mkIf cfg.enable { programs.adb.enable = true; - my.extraGroups = ["adbusers"]; + my.extraGroups = [ "adbusers" ]; }; } diff --git a/modules/nixos/beets.nix b/modules/nixos/beets.nix index f01e412..732f400 100644 --- a/modules/nixos/beets.nix +++ b/modules/nixos/beets.nix @@ -4,99 +4,102 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.beets; -in { - options.nixfiles.modules.beets.enable = - mkEnableOption "beets"; +in +{ + options.nixfiles.modules.beets.enable = mkEnableOption "beets"; config = mkIf cfg.enable { - hm = let - beetsdir = "${config.dirs.data}/beets"; - in { - home = { - activation.initialiseBeets = '' - if [[ ! -d "${beetsdir}" ]]; then - mkdir -p ${beetsdir} - fi - ''; + hm = + let + beetsdir = "${config.dirs.data}/beets"; + in + { + home = { + activation.initialiseBeets = '' + if [[ ! -d "${beetsdir}" ]]; then + mkdir -p ${beetsdir} + fi + ''; - sessionVariables.BEETSDIR = beetsdir; - }; + sessionVariables.BEETSDIR = beetsdir; + }; - programs = { - beets = { - enable = true; + programs = { + beets = { + enable = true; - package = pkgs.beets-unstable; + package = pkgs.beets-unstable; - settings = { - library = "${beetsdir}/library.db"; - directory = config.userDirs.music; - plugins = concatStringsSep " " [ - "badfiles" - "edit" - "fetchart" - "info" - "mbsync" - "mpdupdate" - "scrub" - "zero" - ]; - original_date = true; - import = { - write = true; - copy = true; - move = false; - bell = true; - from_scratch = true; - }; - match = { - preferred = { - countries = [ - "JP" - "KR" - "TW" - "HK" - "CN" - "RU" - "NL" - "DE" - "AT" - "GB|UK" - "CA" - "AU" - "NZ" - "US" - ]; - original_year = true; + settings = { + library = "${beetsdir}/library.db"; + directory = config.userDirs.music; + plugins = concatStringsSep " " [ + "badfiles" + "edit" + "fetchart" + "info" + "mbsync" + "mpdupdate" + "scrub" + "zero" + ]; + original_date = true; + import = { + write = true; + copy = true; + move = false; + bell = true; + from_scratch = true; + }; + match = { + preferred = { + countries = [ + "JP" + "KR" + "TW" + "HK" + "CN" + "RU" + "NL" + "DE" + "AT" + "GB|UK" + "CA" + "AU" + "NZ" + "US" + ]; + original_year = true; + }; + }; + edit = { + albumfields = "album artist albumartist"; + itemfields = "track title album artist albumartist day month year genre"; + }; + fetchart = { + auto = true; + cautious = true; + cover_names = "cover Cover folder Folder art Art album Album front Front"; + sources = "filesystem coverart itunes amazon albumart wikipedia"; + high_resolution = true; + }; + scrub.auto = true; + zero = { + fields = "comments genre"; + update_database = true; + }; + mpd = { + host = "127.0.0.1"; + port = 6600; }; - }; - edit = { - albumfields = "album artist albumartist"; - itemfields = "track title album artist albumartist day month year genre"; - }; - fetchart = { - auto = true; - cautious = true; - cover_names = "cover Cover folder Folder art Art album Album front Front"; - sources = "filesystem coverart itunes amazon albumart wikipedia"; - high_resolution = true; - }; - scrub.auto = true; - zero = { - fields = "comments genre"; - update_database = true; - }; - mpd = { - host = "127.0.0.1"; - port = 6600; }; }; - }; - bash.shellAliases.beet = "beet --config ${config.dirs.config}/beets/config.yaml"; + bash.shellAliases.beet = "beet --config ${config.dirs.config}/beets/config.yaml"; + }; }; - }; }; } diff --git a/modules/nixos/bluetooth.nix b/modules/nixos/bluetooth.nix index 26d081d..117aff7 100644 --- a/modules/nixos/bluetooth.nix +++ b/modules/nixos/bluetooth.nix @@ -1,16 +1,13 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.bluetooth; -in { - options.nixfiles.modules.bluetooth.enable = - mkEnableOption "Bluetooth support"; +in +{ + options.nixfiles.modules.bluetooth.enable = mkEnableOption "Bluetooth support"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/bluetooth"]; + ark.directories = [ "/var/lib/bluetooth" ]; hardware.bluetooth = { enable = true; diff --git a/modules/nixos/chromium.nix b/modules/nixos/chromium.nix index 3b87b4c..c7842d5 100644 --- a/modules/nixos/chromium.nix +++ b/modules/nixos/chromium.nix @@ -4,14 +4,16 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.chromium; -in { +in +{ options.nixfiles.modules.chromium.enable = mkEnableOption "Chromium"; config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [profile-cleaner]; + home.packages = with pkgs; [ profile-cleaner ]; programs.chromium = { enable = true; @@ -19,7 +21,7 @@ in { package = pkgs.ungoogled-chromium; extensions = [ - {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} # uBlock Origin + { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin ]; }; }; diff --git a/modules/nixos/clickhouse.nix b/modules/nixos/clickhouse.nix index 4fae683..12dc7fa 100644 --- a/modules/nixos/clickhouse.nix +++ b/modules/nixos/clickhouse.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.clickhouse; -in { +in +{ options.nixfiles.modules.clickhouse = { enable = mkEnableOption "Clickhouse"; }; diff --git a/modules/nixos/common/ark.nix b/modules/nixos/common/ark.nix index 3a12050..6c7148f 100644 --- a/modules/nixos/common/ark.nix +++ b/modules/nixos/common/ark.nix @@ -4,34 +4,42 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.ark; -in { +in +{ imports = [ - (mkAliasOptionModule ["ark"] ["nixfiles" "modules" "ark"]) + (mkAliasOptionModule [ "ark" ] [ + "nixfiles" + "modules" + "ark" + ]) inputs.impermanence.nixosModules.impermanence ]; - options.nixfiles.modules.ark = let - mkListOfAnythingOption = mkOption { - type = with types; listOf anything; # Assumed to be matching with the upstream type. - default = []; - }; - in { - enable = mkEnableOption "persistent storage support via impermanence"; + options.nixfiles.modules.ark = + let + mkListOfAnythingOption = mkOption { + type = with types; listOf anything; # Assumed to be matching with the upstream type. + default = [ ]; + }; + in + { + enable = mkEnableOption "persistent storage support via impermanence"; - path = mkOption { - type = types.str; - default = "/ark"; - }; + path = mkOption { + type = types.str; + default = "/ark"; + }; - directories = mkListOfAnythingOption; - files = mkListOfAnythingOption; - # hm = { - # directories = mkListOfAnythingOption; - # files = mkListOfAnythingOption; - # }; - }; + directories = mkListOfAnythingOption; + files = mkListOfAnythingOption; + # hm = { + # directories = mkListOfAnythingOption; + # files = mkListOfAnythingOption; + # }; + }; config = mkIf cfg.enable { environment.persistence.${cfg.path} = { diff --git a/modules/nixos/common/console.nix b/modules/nixos/common/console.nix index 3491e37..330310c 100644 --- a/modules/nixos/common/console.nix +++ b/modules/nixos/common/console.nix @@ -1,8 +1,5 @@ +{ config, pkgs, ... }: { - config, - pkgs, - ... -}: { stylix.targets.console.enable = false; console = { diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix index cb66818..f7d1585 100644 --- a/modules/nixos/common/documentation.nix +++ b/modules/nixos/common/documentation.nix @@ -5,7 +5,8 @@ this, ... }: -with lib; { +with lib; +{ config = mkIf this.isHeadful { documentation = { dev.enable = true; @@ -14,13 +15,12 @@ with lib; { man.man-db.manualPages = (pkgs.buildEnv { name = "man-paths"; - paths = with config; - environment.systemPackages ++ hm.home.packages; - pathsToLink = ["/share/man"]; - extraOutputsToInstall = ["man"]; + paths = with config; environment.systemPackages ++ hm.home.packages; + pathsToLink = [ "/share/man" ]; + extraOutputsToInstall = [ "man" ]; ignoreCollisions = true; - }) - .overrideAttrs (_: _: {__contentAddressed = true;}); + }).overrideAttrs + (_: _: { __contentAddressed = true; }); }; environment.sessionVariables = { diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 52f2fd3..c553a65 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -1,3 +1,4 @@ -{inputs, ...}: { - imports = [inputs.home-manager.nixosModule]; +{ inputs, ... }: +{ + imports = [ inputs.home-manager.nixosModule ]; } diff --git a/modules/nixos/common/kernel.nix b/modules/nixos/common/kernel.nix index 2fc40f9..5c45b5d 100644 --- a/modules/nixos/common/kernel.nix +++ b/modules/nixos/common/kernel.nix @@ -1,11 +1,12 @@ -{lib, ...}: -with lib; { +{ lib, ... }: +with lib; +{ boot = { # I don't use it even on laptops. It's also /required/ to disable it for # ZFS[1]. # [1]: https://github.com/openzfs/zfs/issues/260 # [1]: https://github.com/openzfs/zfs/issues/12842 - kernelParams = ["hibernate=no"]; + kernelParams = [ "hibernate=no" ]; kernel.sysctl = { "fs.file-max" = pow 2 17; diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix index 76186bc..699f89b 100644 --- a/modules/nixos/common/locale.nix +++ b/modules/nixos/common/locale.nix @@ -1,9 +1,6 @@ +{ lib, pkgs, ... }: +with lib; { - lib, - pkgs, - ... -}: -with lib; { i18n = { defaultLocale = mkDefault "en_GB.UTF-8"; supportedLocales = [ diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix index fb7d9b2..ecadf6e 100644 --- a/modules/nixos/common/networking.nix +++ b/modules/nixos/common/networking.nix @@ -5,14 +5,16 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.common.networking; -in { - options.nixfiles.modules.common.networking.onlyDefault = - mkEnableOption "custom networking settings"; +in +{ + options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings"; config = mkIf (!cfg.onlyDefault) { - ark.directories = with config.networking; + ark.directories = + with config.networking; optional networkmanager.enable "/etc/NetworkManager/system-connections" ++ optional wireless.iwd.enable "/var/lib/iwd"; @@ -27,8 +29,8 @@ in { # Remove default hostname mappings. This is required at least by the # current implementation of the monitoring module. hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; + "127.0.0.2" = mkForce [ ]; + "::1" = mkForce [ ]; }; nameservers = mkDefault dns.const.quad9.default; @@ -52,33 +54,35 @@ in { logReversePathDrops = false; }; } - (let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in + ( + let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { usePredictableInterfaceNames = false; # NOTE This can break something! interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; + ipv4.addresses = + with this.ipv4; + optional (isString address && isInt prefixLength) { inherit address prefixLength; }; + + ipv6.addresses = + with this.ipv6; + optional (isString address && isInt prefixLength) { inherit address prefixLength; }; }; - defaultGateway = with this.ipv4; + defaultGateway = + with this.ipv4; mkIf (isString gatewayAddress) { inherit interface; address = gatewayAddress; }; - defaultGateway6 = with this.ipv6; + defaultGateway6 = + with this.ipv6; mkIf (isString gatewayAddress) { inherit interface; address = gatewayAddress; }; - }) + } + ) (mkIf this.isHeadful { interfaces = { eth0.useDHCP = mkDefault true; @@ -100,12 +104,8 @@ in { ]; environment = { - shellAliases = listToAttrs (map - ({ - name, - value, - }: - nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + shellAliases = listToAttrs ( + map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [ { name = "bridge"; value = "bridge -color=always"; @@ -118,7 +118,8 @@ in { name = "tc"; value = "tc -color=always"; } - ]); + ] + ); systemPackages = with pkgs; [ ethtool diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix index 2976cfc..146575d 100644 --- a/modules/nixos/common/nix.nix +++ b/modules/nixos/common/nix.nix @@ -4,13 +4,15 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.common.nix; -in { +in +{ options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { description = "A list of allowed unfree packages."; type = with types; listOf str; - default = []; + default = [ ]; }; config = { @@ -22,13 +24,12 @@ in { nixpkgs.config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; - system.stateVersion = with builtins; - head (split "\n" (readFile "${inputs.nixpkgs}/.version")); + system.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version")); environment = { sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; localBinInPath = true; - defaultPackages = []; + defaultPackages = [ ]; }; }; } diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix index 9a82c44..31787ac 100644 --- a/modules/nixos/common/secrets.nix +++ b/modules/nixos/common/secrets.nix @@ -1,3 +1,4 @@ -{inputs, ...}: { - imports = [inputs.agenix.nixosModules.default]; +{ inputs, ... }: +{ + imports = [ inputs.agenix.nixosModules.default ]; } diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix index 5fbc441..a1a7f08 100644 --- a/modules/nixos/common/shell.nix +++ b/modules/nixos/common/shell.nix @@ -1,3 +1 @@ -_: { - programs.command-not-found.enable = false; -} +_: { programs.command-not-found.enable = false; } diff --git a/modules/nixos/common/stylix.nix b/modules/nixos/common/stylix.nix index 5ca5571..a89943a 100644 --- a/modules/nixos/common/stylix.nix +++ b/modules/nixos/common/stylix.nix @@ -5,8 +5,9 @@ pkgs, ... }: -with lib; { - imports = [inputs.stylix.nixosModules.stylix]; +with lib; +{ + imports = [ inputs.stylix.nixosModules.stylix ]; stylix.cursor = { name = "phinger-cursors"; diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix index 3972670..b393d9f 100644 --- a/modules/nixos/common/systemd.nix +++ b/modules/nixos/common/systemd.nix @@ -1,14 +1,11 @@ +{ config, pkgs, ... }: { - config, - pkgs, - ... -}: { ark = { - files = ["/etc/machine-id"]; - directories = ["/var/lib/systemd/coredump"]; + files = [ "/etc/machine-id" ]; + directories = [ "/var/lib/systemd/coredump" ]; }; - my.extraGroups = ["systemd-journal"]; + my.extraGroups = [ "systemd-journal" ]; hm.systemd.user.startServices = "sd-switch"; @@ -24,15 +21,19 @@ SystemMaxUse=5G ''; - systemd = let - extraConfig = '' - DefaultTimeoutStartSec=30s - DefaultTimeoutStopSec=15s - ''; - in { - inherit extraConfig; - user = {inherit extraConfig;}; - }; + systemd = + let + extraConfig = '' + DefaultTimeoutStartSec=30s + DefaultTimeoutStopSec=15s + ''; + in + { + inherit extraConfig; + user = { + inherit extraConfig; + }; + }; environment.sessionVariables = { SYSTEMD_PAGERSECURE = "1"; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 367af41..eca9e1b 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix @@ -1,8 +1,10 @@ -{lib, ...}: -with lib; let +{ lib, ... }: +with lib; +let home = "/home/${my.username}"; -in { - ark.directories = [home]; +in +{ + ark.directories = [ home ]; users = { mutableUsers = false; @@ -16,8 +18,8 @@ in { description = my.fullname; inherit home; inherit (my) hashedPassword; - openssh.authorizedKeys.keys = [my.ssh.key]; - extraGroups = ["wheel"]; + openssh.authorizedKeys.keys = [ my.ssh.key ]; + extraGroups = [ "wheel" ]; }; }; }; diff --git a/modules/nixos/common/xdg.nix b/modules/nixos/common/xdg.nix index 668996f..1fe167e 100644 --- a/modules/nixos/common/xdg.nix +++ b/modules/nixos/common/xdg.nix @@ -4,19 +4,19 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.common.xdg; -in { +in +{ options.nixfiles.modules.common.xdg.defaultApplications = mkOption { description = "Default applications."; type = with types; attrsOf (listOf str); - default = {}; + default = { }; }; config = { - xdg.portal = mkIf this.isHeadful { - enable = true; - }; + xdg.portal = mkIf this.isHeadful { enable = true; }; hm.xdg = mkMerge [ (with cfg; { @@ -31,11 +31,9 @@ in { (mkIf this.isHeadful { mimeApps = { enable = true; - defaultApplications = - mkMerge - (mapAttrsToList - (n: v: genAttrs v (_: ["${n}.desktop"])) - cfg.defaultApplications); + defaultApplications = mkMerge ( + mapAttrsToList (n: v: genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications + ); }; }) ]; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 1a42517..1d5e905 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -15,12 +15,14 @@ _: { ./endlessh.nix ./fail2ban.nix ./firefox + ./foot.nix ./games ./git ./gnupg.nix ./gotify.nix ./grafana.nix ./hydra.nix + ./incus.nix ./ipfs.nix ./jackett.nix ./k3s.nix @@ -28,7 +30,6 @@ _: { ./libvirtd.nix ./lidarr.nix ./loki.nix - ./incus.nix ./matrix ./monitoring ./mpd.nix diff --git a/modules/nixos/docker.nix b/modules/nixos/docker.nix index 0795386..62dc095 100644 --- a/modules/nixos/docker.nix +++ b/modules/nixos/docker.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.docker; -in { +in +{ options.nixfiles.modules.docker.enable = mkEnableOption "Docker"; config = mkIf cfg.enable { @@ -29,8 +31,8 @@ in { virtualisation.docker.enable = true; - environment.systemPackages = with pkgs; [docker-compose]; + environment.systemPackages = with pkgs; [ docker-compose ]; - my.extraGroups = ["docker"]; + my.extraGroups = [ "docker" ]; }; } diff --git a/modules/nixos/dwm.nix b/modules/nixos/dwm.nix index a32ed29..912be0c 100644 --- a/modules/nixos/dwm.nix +++ b/modules/nixos/dwm.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.dwm; -in { +in +{ options.nixfiles.modules.dwm.enable = mkEnableOption "dwm"; config = mkIf cfg.enable { @@ -15,134 +17,137 @@ in { hm.xsession = { enable = true; - windowManager.command = let - pkg = pkgs.dwm.override { - conf = let - font = with config.stylix.fonts; "${monospace.name}:size=${toString sizes.terminal}"; - in '' - static const unsigned int borderpx = 1; - static const unsigned int snap = 32; - static const int showbar = 1; - static const int topbar = 1; + windowManager.command = + let + pkg = pkgs.dwm.override { + conf = + let + font = with config.stylix.fonts; "${monospace.name}:size=${toString sizes.terminal}"; + in + '' + static const unsigned int borderpx = 1; + static const unsigned int snap = 32; + static const int showbar = 1; + static const int topbar = 1; - static const char *fonts[] = { - "${font}" - }; + static const char *fonts[] = { + "${font}" + }; - static const char *colors[][3] = { - [SchemeNorm] = { - "${config.color.base06}", - "${config.color.base01}", - "${config.color.base01}", - }, - [SchemeSel] = { - "${config.color.base01}", - "${config.color.base06}", - "${config.color.base06}", - }, - }; + static const char *colors[][3] = { + [SchemeNorm] = { + "${config.color.base06}", + "${config.color.base01}", + "${config.color.base01}", + }, + [SchemeSel] = { + "${config.color.base01}", + "${config.color.base06}", + "${config.color.base06}", + }, + }; - static const char *tags[] = { - "1", - "2", - "3", - "4", - "5", - "6", - "7", - "8", - "9" - }; + static const char *tags[] = { + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9" + }; - static const Rule rules[] = { - { "Emacs", NULL, NULL, 1 << 0, 0, -1 }, - }; + static const Rule rules[] = { + { "Emacs", NULL, NULL, 1 << 0, 0, -1 }, + }; - static const float mfact = 0.666; - static const int nmaster = 1; - static const int resizehints = 0; - static const int lockfullscreen = 1; + static const float mfact = 0.666; + static const int nmaster = 1; + static const int resizehints = 0; + static const int lockfullscreen = 1; - static const Layout layouts[] = { - { "[]=", tile }, - { "><>", NULL }, - { "[M]", monocle }, - }; + static const Layout layouts[] = { + { "[]=", tile }, + { "><>", NULL }, + { "[M]", monocle }, + }; - #define MODKEY Mod4Mask - #define TAGKEYS(KEY,TAG) \ - { MODKEY, KEY, view, { .ui = 1 << TAG } }, \ - { MODKEY|ControlMask, KEY, toggleview, { .ui = 1 << TAG } }, \ - { MODKEY|ShiftMask, KEY, tag, { .ui = 1 << TAG } }, \ - { MODKEY|ControlMask|ShiftMask, KEY, toggletag, { .ui = 1 << TAG } }, + #define MODKEY Mod4Mask + #define TAGKEYS(KEY,TAG) \ + { MODKEY, KEY, view, { .ui = 1 << TAG } }, \ + { MODKEY|ControlMask, KEY, toggleview, { .ui = 1 << TAG } }, \ + { MODKEY|ShiftMask, KEY, tag, { .ui = 1 << TAG } }, \ + { MODKEY|ControlMask|ShiftMask, KEY, toggletag, { .ui = 1 << TAG } }, - static char dmenumon[2] = "0"; - static const char *dmenucmd[] = { - "${pkgs.dmenu}/bin/dmenu_run", - "-m", dmenumon, - "-fn", "${font}", - "-nb", "${config.color.base01}", - "-nf", "${config.color.base06}", - "-sb", "${config.color.base06}", - "-sf", "${config.color.base01}", - NULL, - }; - static const char *termcmd[] = { - "${getExe pkgs.alacritty}", - NULL, - }; + static char dmenumon[2] = "0"; + static const char *dmenucmd[] = { + "${pkgs.dmenu}/bin/dmenu_run", + "-m", dmenumon, + "-fn", "${font}", + "-nb", "${config.color.base01}", + "-nf", "${config.color.base06}", + "-sb", "${config.color.base06}", + "-sf", "${config.color.base01}", + NULL, + }; + static const char *termcmd[] = { + "${getExe pkgs.alacritty}", + NULL, + }; - static const Key keys[] = { - { MODKEY, XK_x, spawn, {.v = dmenucmd} }, - { MODKEY, XK_Return, spawn, {.v = termcmd} }, - { MODKEY, XK_b, togglebar, {0} }, - { MODKEY, XK_j, focusstack, {.i = +1} }, - { MODKEY, XK_k, focusstack, {.i = -1} }, - { MODKEY|ShiftMask, XK_k, incnmaster, {.i = +1} }, - { MODKEY|ShiftMask, XK_j, incnmaster, {.i = -1} }, - { MODKEY, XK_comma, setmfact, {.f = -0.05} }, - { MODKEY, XK_period, setmfact, {.f = +0.05} }, - { MODKEY, XK_p, zoom, {0} }, - { MODKEY, XK_Tab, view, {0} }, - { MODKEY, XK_d, killclient, {0} }, - { MODKEY, XK_t, setlayout, {.v = &layouts[0]} }, - { MODKEY, XK_m, setlayout, {.v = &layouts[1]} }, - { MODKEY, XK_f, setlayout, {.v = &layouts[2]} }, - { MODKEY, XK_o, togglefloating, {0} }, - { MODKEY, XK_0, view, {.ui = ~0} }, - { MODKEY|ShiftMask, XK_0, tag, {.ui = ~0} }, - { MODKEY, XK_h, focusmon, {.i = -1} }, - { MODKEY, XK_l, focusmon, {.i = +1} }, - { MODKEY|ShiftMask, XK_h, tagmon, {.i = -1} }, - { MODKEY|ShiftMask, XK_l, tagmon, {.i = +1} }, - TAGKEYS( XK_1, 0) - TAGKEYS( XK_2, 1) - TAGKEYS( XK_3, 2) - TAGKEYS( XK_4, 3) - TAGKEYS( XK_5, 4) - TAGKEYS( XK_6, 5) - TAGKEYS( XK_7, 6) - TAGKEYS( XK_8, 7) - TAGKEYS( XK_9, 8) - { MODKEY|ShiftMask, XK_q, quit, {0} }, - }; + static const Key keys[] = { + { MODKEY, XK_x, spawn, {.v = dmenucmd} }, + { MODKEY, XK_Return, spawn, {.v = termcmd} }, + { MODKEY, XK_b, togglebar, {0} }, + { MODKEY, XK_j, focusstack, {.i = +1} }, + { MODKEY, XK_k, focusstack, {.i = -1} }, + { MODKEY|ShiftMask, XK_k, incnmaster, {.i = +1} }, + { MODKEY|ShiftMask, XK_j, incnmaster, {.i = -1} }, + { MODKEY, XK_comma, setmfact, {.f = -0.05} }, + { MODKEY, XK_period, setmfact, {.f = +0.05} }, + { MODKEY, XK_p, zoom, {0} }, + { MODKEY, XK_Tab, view, {0} }, + { MODKEY, XK_d, killclient, {0} }, + { MODKEY, XK_t, setlayout, {.v = &layouts[0]} }, + { MODKEY, XK_m, setlayout, {.v = &layouts[1]} }, + { MODKEY, XK_f, setlayout, {.v = &layouts[2]} }, + { MODKEY, XK_o, togglefloating, {0} }, + { MODKEY, XK_0, view, {.ui = ~0} }, + { MODKEY|ShiftMask, XK_0, tag, {.ui = ~0} }, + { MODKEY, XK_h, focusmon, {.i = -1} }, + { MODKEY, XK_l, focusmon, {.i = +1} }, + { MODKEY|ShiftMask, XK_h, tagmon, {.i = -1} }, + { MODKEY|ShiftMask, XK_l, tagmon, {.i = +1} }, + TAGKEYS( XK_1, 0) + TAGKEYS( XK_2, 1) + TAGKEYS( XK_3, 2) + TAGKEYS( XK_4, 3) + TAGKEYS( XK_5, 4) + TAGKEYS( XK_6, 5) + TAGKEYS( XK_7, 6) + TAGKEYS( XK_8, 7) + TAGKEYS( XK_9, 8) + { MODKEY|ShiftMask, XK_q, quit, {0} }, + }; - static const Button buttons[] = { - { ClkLtSymbol, 0, Button1, setlayout, {0} }, - { ClkLtSymbol, 0, Button3, setlayout, {.v = &layouts[2]} }, - { ClkWinTitle, 0, Button2, zoom, {0} }, - { ClkStatusText, 0, Button2, spawn, {.v = termcmd} }, - { ClkClientWin, MODKEY, Button1, movemouse, {0} }, - { ClkClientWin, MODKEY, Button2, togglefloating, {0} }, - { ClkClientWin, MODKEY, Button3, resizemouse, {0} }, - { ClkTagBar, 0, Button1, view, {0} }, - { ClkTagBar, 0, Button3, toggleview, {0} }, - { ClkTagBar, MODKEY, Button1, tag, {0} }, - { ClkTagBar, MODKEY, Button3, toggletag, {0} }, - }; - ''; - }; - in + static const Button buttons[] = { + { ClkLtSymbol, 0, Button1, setlayout, {0} }, + { ClkLtSymbol, 0, Button3, setlayout, {.v = &layouts[2]} }, + { ClkWinTitle, 0, Button2, zoom, {0} }, + { ClkStatusText, 0, Button2, spawn, {.v = termcmd} }, + { ClkClientWin, MODKEY, Button1, movemouse, {0} }, + { ClkClientWin, MODKEY, Button2, togglefloating, {0} }, + { ClkClientWin, MODKEY, Button3, resizemouse, {0} }, + { ClkTagBar, 0, Button1, view, {0} }, + { ClkTagBar, 0, Button3, toggleview, {0} }, + { ClkTagBar, MODKEY, Button1, tag, {0} }, + { ClkTagBar, MODKEY, Button3, toggletag, {0} }, + }; + ''; + }; + in getExe' pkg "dwm"; }; @@ -151,7 +156,14 @@ in { # package = pkgs.dwm-status.override { # enableAlsaUtils = false; # }; - order = ["audio" "backlight" "battery" "cpu_load" "network" "time"]; + order = [ + "audio" + "backlight" + "battery" + "cpu_load" + "network" + "time" + ]; }; services.xserver.displayManager.startx.enable = true; diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix index 7d2112b..8a59c9b 100644 --- a/modules/nixos/emacs.nix +++ b/modules/nixos/emacs.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.emacs; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications.emacs = [ "application/atom+xml" diff --git a/modules/nixos/endlessh-go.nix b/modules/nixos/endlessh-go.nix index 435305d..efaaa8f 100644 --- a/modules/nixos/endlessh-go.nix +++ b/modules/nixos/endlessh-go.nix @@ -4,14 +4,17 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.endlessh-go; -in { +in +{ options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; - config = let - port = 22; - in + config = + let + port = 22; + in mkIf cfg.enable { services.endlessh-go = { enable = true; @@ -22,9 +25,12 @@ in { listenAddress = this.wireguard.ipv4.address; port = 9229; }; - extraOptions = ["-geoip_supplier=ip-api" "-v=1"]; + extraOptions = [ + "-geoip_supplier=ip-api" + "-v=1" + ]; }; - networking.firewall.allowedTCPPorts = [port]; + networking.firewall.allowedTCPPorts = [ port ]; }; } diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix index caf9a38..f1bf0bc 100644 --- a/modules/nixos/endlessh.nix +++ b/modules/nixos/endlessh.nix @@ -1,16 +1,15 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.endlessh; -in { +in +{ options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh"; - config = let - port = 22; - in + config = + let + port = 22; + in mkIf cfg.enable { ark.directories = [ "/var/lib/gotify-server" @@ -20,9 +19,12 @@ in { services.endlessh = { enable = true; inherit port; - extraOptions = ["-v" "-4"]; + extraOptions = [ + "-v" + "-4" + ]; }; - networking.firewall.allowedTCPPorts = [port]; + networking.firewall.allowedTCPPorts = [ port ]; }; } diff --git a/modules/nixos/fail2ban.nix b/modules/nixos/fail2ban.nix index ce35c1f..a0cc2b4 100644 --- a/modules/nixos/fail2ban.nix +++ b/modules/nixos/fail2ban.nix @@ -4,14 +4,15 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.fail2ban; -in { - options.nixfiles.modules.fail2ban.enable = - mkEnableOption "fail2ban"; +in +{ + options.nixfiles.modules.fail2ban.enable = mkEnableOption "fail2ban"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/fail2ban"]; + ark.directories = [ "/var/lib/fail2ban" ]; services.fail2ban = { enable = true; @@ -22,9 +23,13 @@ in { rndtime = "8m"; }; - ignoreIP = - optionals (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; [ipv4.subnet ipv6.subnet]); + ignoreIP = optionals (hasAttr "wireguard" this) ( + with config.nixfiles.modules.wireguard; + [ + ipv4.subnet + ipv6.subnet + ] + ); jails.DEFAULT.settings.blocktype = "DROP"; }; diff --git a/modules/nixos/firefox/addons.nix b/modules/nixos/firefox/addons.nix index bd14bb5..28235d4 100644 --- a/modules/nixos/firefox/addons.nix +++ b/modules/nixos/firefox/addons.nix @@ -1,7 +1,5 @@ +{ buildFirefoxXpiAddon, lib }: { - buildFirefoxXpiAddon, - lib, -}: { "bitwarden" = buildFirefoxXpiAddon { pname = "bitwarden"; version = "2024.2.1"; @@ -33,10 +31,10 @@ }; "bypass-paywalls" = buildFirefoxXpiAddon { pname = "bypass-paywalls"; - version = "3.5.9.0"; + version = "3.6.0.0"; addonId = "magnolia_limited_permissions_d@12.34"; - url = "https://addons.mozilla.org/firefox/downloads/file/4248144/bypass_paywalls_clean_d-3.5.9.0.xpi"; - sha256 = "938da8dcfa0e3ff012b40cf54a270ca73b03183387ef9330bf8b7771dbf10a5c"; + url = "https://addons.mozilla.org/firefox/downloads/file/4251818/bypass_paywalls_clean_d-3.6.0.0.xpi"; + sha256 = "30a57df51a241838dca9360a12801ea82f2deaf76a6b63f1279235e2f5f3c939"; meta = with lib; { homepage = "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean"; description = "Bypass Paywalls"; @@ -173,6 +171,7 @@ "*://*.courant.com/*" "*://*.courier-journal.com/*" "*://*.couriermail.com.au/*" + "*://*.courrierinternational.com/*" "*://*.crainscleveland.com/*" "*://*.crainsdetroit.com/*" "*://*.crainsnewyork.com/*" @@ -290,6 +289,7 @@ "*://*.ftm.nl/*" "*://*.gazetadopovo.com.br/*" "*://*.gazzetta.it/*" + "*://*.gbnews.com/*" "*://*.geelongadvertiser.com.au/*" "*://*.gelderlander.nl/*" "*://*.genomeweb.com/*" @@ -423,6 +423,7 @@ "*://*.lehighvalleylive.com/*" "*://*.lejdd.fr/*" "*://*.lemagit.fr/*" + "*://*.lemoniteur.fr/*" "*://*.lenouveleconomiste.fr/*" "*://*.lenouvelliste.ch/*" "*://*.leparisien.fr/*" @@ -526,6 +527,7 @@ "*://*.nytimes.com/*" "*://*.nzherald.co.nz/*" "*://*.nzz.ch/*" + "*://*.observador.pt/*" "*://*.ocbj.com/*" "*://*.ocregister.com/*" "*://*.oklahoman.com/*" @@ -560,6 +562,7 @@ "*://*.popularmechanics.com/*" "*://*.post-gazette.com/*" "*://*.pourlascience.fr/*" + "*://*.pourleco.com/*" "*://*.precisionmedicineonline.com/*" "*://*.pressenterprise.com/*" "*://*.prevention.com/*" @@ -864,16 +867,21 @@ homepage = "https://consentomatic.au.dk/"; description = "Automatic handling of GDPR consent forms"; license = licenses.mit; - mozPermissions = ["activeTab" "tabs" "storage" "<all_urls>"]; + mozPermissions = [ + "activeTab" + "tabs" + "storage" + "<all_urls>" + ]; platforms = platforms.all; }; }; "darkreader" = buildFirefoxXpiAddon { pname = "darkreader"; - version = "4.9.78"; + version = "4.9.80"; addonId = "addon@darkreader.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4243182/darkreader-4.9.78.xpi"; - sha256 = "21e08b3f26e9b54257d30f6b2fb2d966d41ace54d2d79ccec55e55517084c7ce"; + url = "https://addons.mozilla.org/firefox/downloads/file/4249607/darkreader-4.9.80.xpi"; + sha256 = "a93f1250b72cc27fe4a9b02be062c68fb079e45a1233d562852b48e1e9b99307"; meta = with lib; { homepage = "https://darkreader.org/"; description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing."; @@ -939,10 +947,10 @@ }; "languagetool" = buildFirefoxXpiAddon { pname = "languagetool"; - version = "8.3.0"; + version = "8.6.0"; addonId = "languagetool-webextension@languagetool.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4199245/languagetool-8.3.0.xpi"; - sha256 = "e357424e3df9dde4ba10eb9f8f3719ac4830681570557f4d51db15a462cd7667"; + url = "https://addons.mozilla.org/firefox/downloads/file/4249956/languagetool-8.6.0.xpi"; + sha256 = "d9db9aac9fdd53eb39179c153161762cd9e9eb1f6d7da8e8b8a32238b4847094"; meta = with lib; { homepage = "https://languagetool.org"; description = "With this extension you can check text with the free style and grammar checker LanguageTool. It finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word."; @@ -970,7 +978,11 @@ homepage = "https://github.com/MorbZ/no-pdf-download"; description = "Opens all PDF files directly in the browser."; license = licenses.mit; - mozPermissions = ["webRequest" "webRequestBlocking" "<all_urls>"]; + mozPermissions = [ + "webRequest" + "webRequestBlocking" + "<all_urls>" + ]; platforms = platforms.all; }; }; diff --git a/modules/nixos/firefox/default.nix b/modules/nixos/firefox/default.nix index 6d1b31b..881e9ad 100644 --- a/modules/nixos/firefox/default.nix +++ b/modules/nixos/firefox/default.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.firefox; -in { +in +{ options.nixfiles.modules.firefox.enable = mkEnableOption "Firefox"; config = mkIf cfg.enable { @@ -18,13 +20,13 @@ in { ]; hm = { - imports = [inputs.arkenfox.hmModules.arkenfox]; + imports = [ inputs.arkenfox.hmModules.arkenfox ]; - home.packages = with pkgs; [profile-cleaner]; + home.packages = with pkgs; [ profile-cleaner ]; stylix.targets.firefox = { enable = true; - profileNames = ["default"]; + profileNames = [ "default" ]; }; programs.firefox = { @@ -34,37 +36,40 @@ in { arkenfox.enable = true; - profiles.default = let - mkCssWithRoot = css: - mkMerge [ - # https://github.com/tinted-theming/base24/blob/master/styling.md - (with config.colors.withHashtag; '' - :root { - --black: ${base01}; - --red: ${base08}; - --green: ${base0B}; - --yellow: ${base09}; - --blue: ${base0D}; - --magenta: ${base0E}; - --cyan: ${base0C}; - --white: ${base06}; - --bright-black: ${base02}; - --bright-red: ${base12}; - --bright-green: ${base14}; - --bright-yellow: ${base13}; - --bright-blue: ${base16}; - --bright-magenta: ${base17}; - --bright-cyan: ${base15}; - --bright-white: ${base07}; - --background: ${base00}; - --foreground: ${base05}; - '') - ( - let - mapFonts = concatMapStringsSep ", " (font: ''"${font}"''); - size = toString config.stylix.fonts.sizes.applications; - in - with config.fonts.fontconfig.defaultFonts; '' + profiles.default = + let + mkCssWithRoot = + css: + mkMerge [ + # https://github.com/tinted-theming/base24/blob/master/styling.md + (with config.colors.withHashtag; '' + :root { + --black: ${base01}; + --red: ${base08}; + --green: ${base0B}; + --yellow: ${base09}; + --blue: ${base0D}; + --magenta: ${base0E}; + --cyan: ${base0C}; + --white: ${base06}; + --bright-black: ${base02}; + --bright-red: ${base12}; + --bright-green: ${base14}; + --bright-yellow: ${base13}; + --bright-blue: ${base16}; + --bright-magenta: ${base17}; + --bright-cyan: ${base15}; + --bright-white: ${base07}; + --background: ${base00}; + --foreground: ${base05}; + '') + ( + let + mapFonts = concatMapStringsSep ", " (font: ''"${font}"''); + size = toString config.stylix.fonts.sizes.applications; + in + with config.fonts.fontconfig.defaultFonts; + '' --serif-font-family: ${mapFonts serif}, serif; --serif-font-size: ${size}; --sans-serif-font-family: ${mapFonts sansSerif}, sans-serif; @@ -73,50 +78,54 @@ in { --monospace-font-size: ${size}; } '' - ) - (builtins.readFile css) - ]; - in { - id = 0; - - isDefault = true; - - userChrome = mkCssWithRoot ./userChrome.css; - - userContent = mkCssWithRoot ./userContent.css; - - extensions = let - # This was done using the incredible addon generator[1]. All credit - # goes to Robert Helgesson. - # - # [1]: https://sr.ht/~rycee/mozilla-addons-to-nix/ - buildFirefoxXpiAddon = makeOverridable ({ - stdenv ? pkgs.stdenv, - fetchurl ? pkgs.fetchurl, - pname, - version, - addonId, - url, - sha256, - meta, - ... - }: - stdenv.mkDerivation { - name = "${pname}-${version}"; - inherit meta; - src = fetchurl {inherit url sha256;}; - preferLocalBuild = true; - allowSubstitutes = true; - buildCommand = '' - dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" - mkdir -p "$dst" - install -v -m644 "$src" "$dst/${addonId}.xpi" - ''; - }); - - addons = import ./addons.nix {inherit buildFirefoxXpiAddon lib;}; + ) + (builtins.readFile css) + ]; in - with addons; + { + id = 0; + + isDefault = true; + + userChrome = mkCssWithRoot ./userChrome.css; + + userContent = mkCssWithRoot ./userContent.css; + + extensions = + let + # This was done using the incredible addon generator[1]. All credit + # goes to Robert Helgesson. + # + # [1]: https://sr.ht/~rycee/mozilla-addons-to-nix/ + buildFirefoxXpiAddon = makeOverridable ( + { + stdenv ? pkgs.stdenv, + fetchurl ? pkgs.fetchurl, + pname, + version, + addonId, + url, + sha256, + meta, + ... + }: + stdenv.mkDerivation { + name = "${pname}-${version}"; + inherit meta; + src = fetchurl { inherit url sha256; }; + preferLocalBuild = true; + allowSubstitutes = true; + buildCommand = '' + dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" + mkdir -p "$dst" + install -v -m644 "$src" "$dst/${addonId}.xpi" + ''; + } + ); + + addons = import ./addons.nix { inherit buildFirefoxXpiAddon lib; }; + in + with addons; [ bypass-paywalls consent-o-matic @@ -133,483 +142,434 @@ in { ] ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; - search = { - force = true; - - default = "DuckDuckGo"; - order = ["DuckDuckGo" "Yahoo" "Google"]; - - engines = let - getIcon = url: sha256: pkgs.fetchurl {inherit url sha256;}; - in { - "Amazon.com".metaData.hidden = true; - "Bing".metaData.hidden = true; - "Ebay".metaData.hidden = true; - - "2GIS" = { - urls = [{template = "https://2gis.ru/kazan/search/{searchTerms}";}]; - icon = - getIcon - "https://d-assets.2gis.ru/favicon.png" - "sha256-BlSaYRcUx9zhfJnVK5V7rsyft4qaueIEOONiCg+6aLE="; - definedAliases = ["@2gis"]; - }; - - "AliExpress" = { - urls = [{template = "https://aliexpress.ru/wholesale?SearchText={searchTerms}";}]; - icon = - getIcon - "https://ae01.alicdn.com/images/eng/wholesale/icon/aliexpress.ico" - "sha256-7xgem2pY2PNuv8as1YnS+U03GvDLLGjhcDLt69rtmaA="; - definedAliases = ["@aliexpress" "@ali"]; - }; - - "Ansible Galaxy" = { - urls = [{template = "https://galaxy.ansible.com/search?keywords={searchTerms}";}]; - icon = - getIcon - "https://galaxy.ansible.com/assets/favicon.ico" - "sha256-oAolpZhdKbVTraes6dDlafpvq/Vypu264vgKN4jzJk8="; - definedAliases = ["@ansible" "@galaxy" "@ag"]; - }; - - "Arch Wiki" = { - urls = [{template = "https://wiki.archlinux.org/index.php?search={searchTerms}";}]; - icon = - getIcon - "https://wiki.archlinux.org/favicon.ico" - "sha256-0uxMtT8myzTT7p9k6v5UxsguPKu+vHPlglNTMbnN1T0="; - definedAliases = ["@archwiki" "@aw"]; - }; - - "crates.io" = { - urls = [{template = "https://crates.io/search?q={searchTerms}";}]; - icon = - getIcon - "https://crates.io/favicon.ico" - "sha256-upooA/+m5KMUD1t4WFY3EOmytdpUFgNqUj12Auta1mM="; - definedAliases = ["@crates"]; - }; - - "Discogs" = { - urls = [{template = "https://www.discogs.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://st.discogs.com/d56dcb7367720ea20f1b11a4385705517c7e7702/images/favicon.ico" - "sha256-zEDrbmcUf8XHUyYzNc6JsWzBioX8sm8tjScGHim5VTk="; - definedAliases = ["@discogs"]; - }; - - "Docker Hub" = { - urls = [{template = "https://hub.docker.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://www.docker.com/wp-content/uploads/2023/04/cropped-Docker-favicon-32x32.png" - "sha256-4NmHGMaq31qoIvdlmy7fI3qTbkcp1/tJhqQu/9Ci4/c="; - definedAliases = ["@dockerhub" "@docker"]; - }; - - "Ecosia" = { - urls = [{template = "https://www.ecosia.org/search?q={searchTerms}";}]; - icon = - getIcon - "https://cdn-static.ecosia.org/static/icons/favicon.ico" - "sha256-uvPShG1yVh4C4zaJmGuhhr96V/NredB1Wte9O3U6QxA="; - definedAliases = ["@ecosia"]; - }; - - "Genius" = { - urls = [{template = "https://genius.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://assets.genius.com/images/apple-touch-icon.png" - "sha256-M9YQEVg3T7hMO/xPfihR1aXfG+/pNiVOBCOtzx3GrkE="; - definedAliases = ["@genius"]; - }; - - "GitHub" = { - urls = [{template = "https://github.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://github.githubassets.com/favicons/favicon-dark.svg" - "sha256-qu/d9ftvsntplFuxw9RFL8BpI9b2g5b6xfeGw6Ekh6w="; - definedAliases = ["@github" "@gh"]; - }; - - "godocs.io" = { - urls = [{template = "https://godocs.io/?q={searchTerms}";}]; - icon = - getIcon - "https://go.dev/images/favicon-gopher.svg" - "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; - definedAliases = ["@godocs"]; - }; - - "pkgs.go.dev" = { - urls = [{template = "https://pkg.go.dev/search?q={searchTerms}";}]; - icon = - getIcon - "https://go.dev/images/favicon-gopher.svg" - "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; - definedAliases = ["@gopkgs"]; - }; - - "Hackage" = { - urls = [{template = "https://hackage.haskell.org/packages/search?terms={searchTerms}";}]; - icon = - getIcon - "https://hackage.haskell.org/static/favicon.png" - "sha256-+6WAv93yaA3L2eheGKxklY/uRAvbKD1q/WcmufmhKxY="; - definedAliases = ["@hackage"]; - }; - - "Hoogle" = { - urls = [{template = "https://hoogle.haskell.org/?hoogle={searchTerms}";}]; - icon = - getIcon - "https://hoogle.haskell.org/favicon.png" - "sha256-6qmjRYDDRUwm6EdLoZB6o9XtoujsfDEQJ9xOu3Knei8="; - definedAliases = ["@hoogle"]; - }; - - "Jisho" = { - urls = [{template = "https://jisho.org/search/{searchTerms}";}]; - icon = - getIcon - "https://assets.jisho.org/assets/favicon-062c4a0240e1e6d72c38aa524742c2d558ee6234497d91dd6b75a182ea823d65.ico" - "sha256-BixKAkDh5tcsOKpSR0LC1VjuYjRJfZHda3WhguqCPWU="; - definedAliases = ["@jisho"]; - }; - - "コトバンク" = { - urls = [{template = "https://kotobank.jp/gs/?q={searchTerms}";}]; - icon = - getIcon - "https://kotobank.jp/favicon.ico" - "sha256-t+EzqURlQwznuBqa0GcBbqumvZqtU7HrEAjGUlqp1tg="; - definedAliases = ["@kotobank"]; - }; - - "Kubernetes" = { - urls = [{template = "https://kubernetes.io/search/?q={searchTerms}";}]; - icon = - getIcon - "https://kubernetes.io/images/favicon.png" - "sha256-YI5QvGQXoaTG3uUGQ/R99Xl2r+VqBAA1qqthzPbf8nQ="; - definedAliases = ["@kubernetes" "@k8s"]; - }; - - "Last.fm" = { - urls = [{template = "https://www.last.fm/search?q={searchTerms}";}]; - icon = - getIcon - "https://www.last.fm/static/images/favicon.702b239b6194.ico" - "sha256-ID+DfF+dZ5CzKiBp/psQPRD6r/06PZ0rVYiELWUt5Mw="; - definedAliases = ["@lastfm"]; - }; - - "MDN" = { - urls = [{template = "https://developer.mozilla.org/en-US/search?q={searchTerms}";}]; - icon = - getIcon - "https://developer.mozilla.org/favicon-48x48.cbbd161b.png" - "sha256-Wnd0BqQIKgroGmV+R8vqV9uNBwDvcxBrQ8hXOLOFeKY="; - definedAliases = ["@mdn"]; - }; - - "MELPA" = { - urls = [{template = "https://melpa.org/#/?q={searchTerms}";}]; - icon = - getIcon - "https://melpa.org/favicon.ico" - "sha256-bmlydqXBM8MUMC6cOTGSHPx6zN8tZFqmQ+srbXkSCA4="; - definedAliases = ["@melpa"]; - }; - - "MusicBrainz" = { - urls = [{template = "https://musicbrainz.org/search?type=artist&query={searchTerms}";}]; - icon = - getIcon - "https://musicbrainz.org/static/images/favicons/favicon-16x16.png" - "sha256-M5mKQurmO9AP0gfC+5OLwi8k4XWQy759eQrrKAeytl0="; - definedAliases = ["@musicbrainz" "@mb"]; - }; - - "NixOS Packages" = { - urls = [{template = "https://search.nixos.org/packages?channel=unstable&query={searchTerms}";}]; - icon = - getIcon - "https://nixos.org/favicon.png" - "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; - definedAliases = ["@nixpkgs" "@np"]; - }; - - "NixOS Options" = { - urls = [{template = "https://search.nixos.org/options?channel=unstable&query={searchTerms}";}]; - icon = - getIcon - "https://nixos.org/favicon.png" - "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; - definedAliases = ["@nixopts" "@no"]; - }; - - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = - getIcon - "https://nixos.wiki/favicon.png" - "sha256-DE8IgVninF6Aq3iNMgerhvF1dpoXqDUSibtWSpf/dN4="; - definedAliases = ["@nixoswiki" "@nw"]; - }; - - "OpenStreetMap" = { - urls = [{template = "https://www.openstreetmap.org/search?query={searchTerms}";}]; - icon = - getIcon - "https://www.openstreetmap.org/assets/favicon-32x32-99b88fcadeef736889823c8a886b89d8cada9d4423a49a27de29bacc0a6bebd1.png" - "sha256-dt4QVbQPdb4neS/fwH3yOWOSbEdkjMZtAYnIeCfr7qI="; - definedAliases = ["@openstreetmap" "@osm" "@maps"]; - }; - - "ProtonDB" = { - urls = [{template = "https://www.protondb.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://www.protondb.com/sites/protondb/images/favicon.ico" - "sha256-oauOp0EASNjMcThfzYJ2TfbaOYHBPL8LOp+9lmp4pmc="; - definedAliases = ["@protondb"]; - }; - - "PyPI" = { - urls = [{template = "https://pypi.org/search/?q={searchTerms}";}]; - icon = - getIcon - "https://pypi.org/static/images/logo-small.2a411bc6.svg" - "sha256-+fcSfcNxAMLIFkp+gh52c48lQORoyhcegUIFtuq/zYs="; - definedAliases = ["@pypi"]; - }; + search = { + force = true; - "Python Docs" = { - urls = [{template = "https://docs.python.org/3/search.html?q={searchTerms}";}]; - icon = - getIcon - "https://docs.python.org/3/_static/py.svg" - "sha256-WGW+i8wK+IhZSQPqARL2yNkjxXJsQIHoyFYRDMcznO8="; - definedAliases = ["@pydocs"]; - }; + default = "DuckDuckGo"; + order = [ + "DuckDuckGo" + "Yahoo" + "Google" + ]; - "Rate Your Music" = { - urls = [{template = "https://rateyourmusic.com/search?searchterm={searchTerms}";}]; - icon = - getIcon - "https://e.snmc.io/3.0/img/logo/sonemic-32.png" - "sha256-JpTt1tjBkUvDMTGrG7Hg2EiE8PR3RL7McodeZk1EpZA="; - definedAliases = ["@rym"]; - }; + engines = + let + getIcon = url: sha256: pkgs.fetchurl { inherit url sha256; }; + in + { + "Amazon.com".metaData.hidden = true; + "Bing".metaData.hidden = true; + "Ebay".metaData.hidden = true; + + "2GIS" = { + urls = [ { template = "https://2gis.ru/kazan/search/{searchTerms}"; } ]; + icon = getIcon "https://d-assets.2gis.ru/favicon.png" "sha256-BlSaYRcUx9zhfJnVK5V7rsyft4qaueIEOONiCg+6aLE="; + definedAliases = [ "@2gis" ]; + }; + + "AliExpress" = { + urls = [ { template = "https://aliexpress.ru/wholesale?SearchText={searchTerms}"; } ]; + icon = getIcon "https://ae01.alicdn.com/images/eng/wholesale/icon/aliexpress.ico" "sha256-7xgem2pY2PNuv8as1YnS+U03GvDLLGjhcDLt69rtmaA="; + definedAliases = [ + "@aliexpress" + "@ali" + ]; + }; + + "Ansible Galaxy" = { + urls = [ { template = "https://galaxy.ansible.com/search?keywords={searchTerms}"; } ]; + icon = getIcon "https://galaxy.ansible.com/assets/favicon.ico" "sha256-oAolpZhdKbVTraes6dDlafpvq/Vypu264vgKN4jzJk8="; + definedAliases = [ + "@ansible" + "@galaxy" + "@ag" + ]; + }; + + "Arch Wiki" = { + urls = [ { template = "https://wiki.archlinux.org/index.php?search={searchTerms}"; } ]; + icon = getIcon "https://wiki.archlinux.org/favicon.ico" "sha256-0uxMtT8myzTT7p9k6v5UxsguPKu+vHPlglNTMbnN1T0="; + definedAliases = [ + "@archwiki" + "@aw" + ]; + }; + + "crates.io" = { + urls = [ { template = "https://crates.io/search?q={searchTerms}"; } ]; + icon = getIcon "https://crates.io/favicon.ico" "sha256-upooA/+m5KMUD1t4WFY3EOmytdpUFgNqUj12Auta1mM="; + definedAliases = [ "@crates" ]; + }; + + "Discogs" = { + urls = [ { template = "https://www.discogs.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://st.discogs.com/d56dcb7367720ea20f1b11a4385705517c7e7702/images/favicon.ico" "sha256-zEDrbmcUf8XHUyYzNc6JsWzBioX8sm8tjScGHim5VTk="; + definedAliases = [ "@discogs" ]; + }; + + "Docker Hub" = { + urls = [ { template = "https://hub.docker.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://www.docker.com/wp-content/uploads/2023/04/cropped-Docker-favicon-32x32.png" "sha256-4NmHGMaq31qoIvdlmy7fI3qTbkcp1/tJhqQu/9Ci4/c="; + definedAliases = [ + "@dockerhub" + "@docker" + ]; + }; + + "Ecosia" = { + urls = [ { template = "https://www.ecosia.org/search?q={searchTerms}"; } ]; + icon = getIcon "https://cdn-static.ecosia.org/static/icons/favicon.ico" "sha256-uvPShG1yVh4C4zaJmGuhhr96V/NredB1Wte9O3U6QxA="; + definedAliases = [ "@ecosia" ]; + }; + + "Genius" = { + urls = [ { template = "https://genius.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://assets.genius.com/images/apple-touch-icon.png" "sha256-M9YQEVg3T7hMO/xPfihR1aXfG+/pNiVOBCOtzx3GrkE="; + definedAliases = [ "@genius" ]; + }; + + "GitHub" = { + urls = [ { template = "https://github.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://github.githubassets.com/favicons/favicon-dark.svg" "sha256-qu/d9ftvsntplFuxw9RFL8BpI9b2g5b6xfeGw6Ekh6w="; + definedAliases = [ + "@github" + "@gh" + ]; + }; + + "godocs.io" = { + urls = [ { template = "https://godocs.io/?q={searchTerms}"; } ]; + icon = getIcon "https://go.dev/images/favicon-gopher.svg" "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; + definedAliases = [ "@godocs" ]; + }; + + "pkgs.go.dev" = { + urls = [ { template = "https://pkg.go.dev/search?q={searchTerms}"; } ]; + icon = getIcon "https://go.dev/images/favicon-gopher.svg" "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; + definedAliases = [ "@gopkgs" ]; + }; + + "Hackage" = { + urls = [ { template = "https://hackage.haskell.org/packages/search?terms={searchTerms}"; } ]; + icon = getIcon "https://hackage.haskell.org/static/favicon.png" "sha256-+6WAv93yaA3L2eheGKxklY/uRAvbKD1q/WcmufmhKxY="; + definedAliases = [ "@hackage" ]; + }; + + "Hoogle" = { + urls = [ { template = "https://hoogle.haskell.org/?hoogle={searchTerms}"; } ]; + icon = getIcon "https://hoogle.haskell.org/favicon.png" "sha256-6qmjRYDDRUwm6EdLoZB6o9XtoujsfDEQJ9xOu3Knei8="; + definedAliases = [ "@hoogle" ]; + }; + + "Jisho" = { + urls = [ { template = "https://jisho.org/search/{searchTerms}"; } ]; + icon = getIcon "https://assets.jisho.org/assets/favicon-062c4a0240e1e6d72c38aa524742c2d558ee6234497d91dd6b75a182ea823d65.ico" "sha256-BixKAkDh5tcsOKpSR0LC1VjuYjRJfZHda3WhguqCPWU="; + definedAliases = [ "@jisho" ]; + }; + + "コトバンク" = { + urls = [ { template = "https://kotobank.jp/gs/?q={searchTerms}"; } ]; + icon = getIcon "https://kotobank.jp/favicon.ico" "sha256-t+EzqURlQwznuBqa0GcBbqumvZqtU7HrEAjGUlqp1tg="; + definedAliases = [ "@kotobank" ]; + }; + + "Kubernetes" = { + urls = [ { template = "https://kubernetes.io/search/?q={searchTerms}"; } ]; + icon = getIcon "https://kubernetes.io/images/favicon.png" "sha256-YI5QvGQXoaTG3uUGQ/R99Xl2r+VqBAA1qqthzPbf8nQ="; + definedAliases = [ + "@kubernetes" + "@k8s" + ]; + }; + + "Last.fm" = { + urls = [ { template = "https://www.last.fm/search?q={searchTerms}"; } ]; + icon = getIcon "https://www.last.fm/static/images/favicon.702b239b6194.ico" "sha256-ID+DfF+dZ5CzKiBp/psQPRD6r/06PZ0rVYiELWUt5Mw="; + definedAliases = [ "@lastfm" ]; + }; + + "MDN" = { + urls = [ { template = "https://developer.mozilla.org/en-US/search?q={searchTerms}"; } ]; + icon = getIcon "https://developer.mozilla.org/favicon-48x48.cbbd161b.png" "sha256-Wnd0BqQIKgroGmV+R8vqV9uNBwDvcxBrQ8hXOLOFeKY="; + definedAliases = [ "@mdn" ]; + }; + + "MELPA" = { + urls = [ { template = "https://melpa.org/#/?q={searchTerms}"; } ]; + icon = getIcon "https://melpa.org/favicon.ico" "sha256-bmlydqXBM8MUMC6cOTGSHPx6zN8tZFqmQ+srbXkSCA4="; + definedAliases = [ "@melpa" ]; + }; + + "MusicBrainz" = { + urls = [ { template = "https://musicbrainz.org/search?type=artist&query={searchTerms}"; } ]; + icon = getIcon "https://musicbrainz.org/static/images/favicons/favicon-16x16.png" "sha256-M5mKQurmO9AP0gfC+5OLwi8k4XWQy759eQrrKAeytl0="; + definedAliases = [ + "@musicbrainz" + "@mb" + ]; + }; + + "NixOS Packages" = { + urls = [ { template = "https://search.nixos.org/packages?channel=unstable&query={searchTerms}"; } ]; + icon = getIcon "https://nixos.org/favicon.png" "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; + definedAliases = [ + "@nixpkgs" + "@np" + ]; + }; + + "NixOS Options" = { + urls = [ { template = "https://search.nixos.org/options?channel=unstable&query={searchTerms}"; } ]; + icon = getIcon "https://nixos.org/favicon.png" "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; + definedAliases = [ + "@nixopts" + "@no" + ]; + }; + + "NixOS Wiki" = { + urls = [ { template = "https://nixos.wiki/index.php?search={searchTerms}"; } ]; + icon = getIcon "https://nixos.wiki/favicon.png" "sha256-DE8IgVninF6Aq3iNMgerhvF1dpoXqDUSibtWSpf/dN4="; + definedAliases = [ + "@nixoswiki" + "@nw" + ]; + }; + + "OpenStreetMap" = { + urls = [ { template = "https://www.openstreetmap.org/search?query={searchTerms}"; } ]; + icon = getIcon "https://www.openstreetmap.org/assets/favicon-32x32-99b88fcadeef736889823c8a886b89d8cada9d4423a49a27de29bacc0a6bebd1.png" "sha256-dt4QVbQPdb4neS/fwH3yOWOSbEdkjMZtAYnIeCfr7qI="; + definedAliases = [ + "@openstreetmap" + "@osm" + "@maps" + ]; + }; + + "ProtonDB" = { + urls = [ { template = "https://www.protondb.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://www.protondb.com/sites/protondb/images/favicon.ico" "sha256-oauOp0EASNjMcThfzYJ2TfbaOYHBPL8LOp+9lmp4pmc="; + definedAliases = [ "@protondb" ]; + }; + + "PyPI" = { + urls = [ { template = "https://pypi.org/search/?q={searchTerms}"; } ]; + icon = getIcon "https://pypi.org/static/images/logo-small.2a411bc6.svg" "sha256-+fcSfcNxAMLIFkp+gh52c48lQORoyhcegUIFtuq/zYs="; + definedAliases = [ "@pypi" ]; + }; + + "Python Docs" = { + urls = [ { template = "https://docs.python.org/3/search.html?q={searchTerms}"; } ]; + icon = getIcon "https://docs.python.org/3/_static/py.svg" "sha256-WGW+i8wK+IhZSQPqARL2yNkjxXJsQIHoyFYRDMcznO8="; + definedAliases = [ "@pydocs" ]; + }; + + "Rate Your Music" = { + urls = [ { template = "https://rateyourmusic.com/search?searchterm={searchTerms}"; } ]; + icon = getIcon "https://e.snmc.io/3.0/img/logo/sonemic-32.png" "sha256-JpTt1tjBkUvDMTGrG7Hg2EiE8PR3RL7McodeZk1EpZA="; + definedAliases = [ "@rym" ]; + }; + + "Rust Std" = { + urls = [ { template = "https://doc.rust-lang.org/std/?search={searchTerms}"; } ]; + icon = getIcon "https://www.rust-lang.org/static/images/favicon-32x32.png" "sha256-l2y4jpnODbua4dyLvXTMBlHVkoDPM9y00l6L61so7eA="; + definedAliases = [ + "@ruststd" + "@rust" + ]; + }; + + "SourceHut" = { + urls = [ { template = "https://sr.ht/projects?search={searchTerms}"; } ]; + icon = getIcon "https://sr.ht/static/logo.png" "sha256-NBzKZhqE9//zVJlOwYiwyW/jRFh8+nS2YvC3zMCQ1fU="; + definedAliases = [ + "@sourcehut" + "@srht" + ]; + }; + + "SteamDB" = { + urls = [ { template = "https://steamdb.info/search/?a=app&q={searchTerms}"; } ]; + icon = getIcon "https://steamdb.info/static/logos/32px.png" "sha256-IUBiB5JUSvyDa+m/wecmHB8s3Wfu0JK98bJ+ZRZ5ybQ="; + definedAliases = [ "@steamdb" ]; + }; + + "WolframAlpha" = { + urls = [ { template = "https://www.wolframalpha.com/input?i={searchTerms}"; } ]; + icon = getIcon "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico" "sha256-S9k7AlBQiDElBCGopJ8xfBD6dIhGU+EBh8t1QYbP2S4="; + definedAliases = [ + "@wolframalpha" + "@wa" + ]; + }; + + "Yahoo" = { + urls = [ { template = "https://yahoo.com/search/?text={searchTerms}"; } ]; + icon = getIcon "https://yahoostatic.net/s3/web4static/_/v2/oxjfXL1EO-B5Arm80ZrL00p0al4.png" "sha256-gvYh4oCZEO7BL2QZ6QvQFlmFiP2L4SLJrxAsKFcG6G4="; + definedAliases = [ + "@yahoo" + "@ya" + ]; + }; + + "YouTube" = { + urls = [ { template = "https://yewtu.be/search?q={}"; } ]; + icon = getIcon "https://www.youtube.com/s/desktop/280a3f09/img/favicon.ico" "sha256-i7HQ+kOhdDbVndVG9vdMdtxEc13vdSLCLYAxFm24kR0="; + definedAliases = [ + "@youtube" + "@yt" + ]; + }; + }; + }; - "Rust Std" = { - urls = [{template = "https://doc.rust-lang.org/std/?search={searchTerms}";}]; - icon = - getIcon - "https://www.rust-lang.org/static/images/favicon-32x32.png" - "sha256-l2y4jpnODbua4dyLvXTMBlHVkoDPM9y00l6L61so7eA="; - definedAliases = ["@ruststd" "@rust"]; - }; + # NOTE This silently overrides all other bookmarks. + bookmarks = [ + { + name = "Bookmarks Toolbar"; + toolbar = true; + bookmarks = with config.nixfiles.modules; [ + (mkIf syncthing.enable { + name = "Syncthing"; + url = "http://${config.services.syncthing.guiAddress}"; + }) + (mkIf ipfs.enable { + name = "IPFS"; + url = "http://127.0.0.1:${toString ipfs.apiPort}/webui"; + }) + ]; + } + ]; - "SourceHut" = { - urls = [{template = "https://sr.ht/projects?search={searchTerms}";}]; - icon = - getIcon - "https://sr.ht/static/logo.png" - "sha256-NBzKZhqE9//zVJlOwYiwyW/jRFh8+nS2YvC3zMCQ1fU="; - definedAliases = ["@sourcehut" "@srht"]; + # https://github.com/arkenfox/user.js/blob/master/user.js + arkenfox = { + enable = true; + "0000".enable = true; + "0100" = { + enable = true; + "0103"."browser.startup.homepage".value = "about:blank"; }; - - "SteamDB" = { - urls = [{template = "https://steamdb.info/search/?a=app&q={searchTerms}";}]; - icon = - getIcon - "https://steamdb.info/static/logos/32px.png" - "sha256-IUBiB5JUSvyDa+m/wecmHB8s3Wfu0JK98bJ+ZRZ5ybQ="; - definedAliases = ["@steamdb"]; + "0200".enable = true; + "0300".enable = true; + "0400" = { + enable = true; + "0401"."browser.safebrowsing.phishing.enabled".enable = true; + "0402"."browser.safebrowsing.downloads.enabled".enable = true; + "0404" = { + "browser.safebrowsing.downloads.remote.block_potentially_unwanted".enable = true; + "browser.safebrowsing.downloads.remote.block_uncommon".enable = true; + }; + "0405"."browser.safebrowsing.allowOverride".enable = true; }; - - "WolframAlpha" = { - urls = [{template = "https://www.wolframalpha.com/input?i={searchTerms}";}]; - icon = - getIcon - "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico" - "sha256-S9k7AlBQiDElBCGopJ8xfBD6dIhGU+EBh8t1QYbP2S4="; - definedAliases = ["@wolframalpha" "@wa"]; + "0600".enable = true; + "0700" = { + enable = true; + "0710"."network.trr.mode" = { + enable = true; + value = 5; + }; }; - - "Yahoo" = { - urls = [{template = "https://yahoo.com/search/?text={searchTerms}";}]; - icon = - getIcon - "https://yahoostatic.net/s3/web4static/_/v2/oxjfXL1EO-B5Arm80ZrL00p0al4.png" - "sha256-gvYh4oCZEO7BL2QZ6QvQFlmFiP2L4SLJrxAsKFcG6G4="; - definedAliases = ["@yahoo" "@ya"]; + "0800" = { + enable = true; + "0830" = { + "browser.search.separatePrivateDefault" = { + enable = true; + value = false; + }; + "browser.search.separatePrivateDefault.ui.enabled" = { + enable = true; + value = false; + }; + }; }; - - "YouTube" = { - urls = [{template = "https://yewtu.be/search?q={}";}]; - icon = - getIcon - "https://www.youtube.com/s/desktop/280a3f09/img/favicon.ico" - "sha256-i7HQ+kOhdDbVndVG9vdMdtxEc13vdSLCLYAxFm24kR0="; - definedAliases = ["@youtube" "@yt"]; + "0900".enable = true; + "1000" = { + enable = true; + "1001".enable = false; + }; + "1200".enable = true; + "1600".enable = true; + "1700".enable = true; + "2000".enable = true; + "2400".enable = true; + "2600" = { + enable = true; + "2615"."permissions.default.shortcuts".enable = true; }; - }; - }; - - # NOTE This silently overrides all other bookmarks. - bookmarks = [ - { - name = "Bookmarks Toolbar"; - toolbar = true; - bookmarks = with config.nixfiles.modules; [ - (mkIf syncthing.enable { - name = "Syncthing"; - url = "http://${config.services.syncthing.guiAddress}"; - }) - (mkIf ipfs.enable { - name = "IPFS"; - url = "http://127.0.0.1:${toString ipfs.apiPort}/webui"; - }) - ]; - } - ]; - - # https://github.com/arkenfox/user.js/blob/master/user.js - arkenfox = { - enable = true; - "0000".enable = true; - "0100" = { - enable = true; - "0103"."browser.startup.homepage".value = "about:blank"; - }; - "0200".enable = true; - "0300".enable = true; - "0400" = { - enable = true; - "0401"."browser.safebrowsing.phishing.enabled".enable = true; - "0402"."browser.safebrowsing.downloads.enabled".enable = true; - "0404" = { - "browser.safebrowsing.downloads.remote.block_potentially_unwanted".enable = true; - "browser.safebrowsing.downloads.remote.block_uncommon".enable = true; + "2700".enable = true; + "2800" = { + enable = true; + "2811"."privacy.clearOnShutdown.history".value = false; }; - "0405"."browser.safebrowsing.allowOverride".enable = true; - }; - "0600".enable = true; - "0700" = { - enable = true; - "0710"."network.trr.mode" = { + "4500" = { enable = true; - value = 5; + "4502".enable = false; + "4504".enable = false; }; - }; - "0800" = { - enable = true; - "0830" = { - "browser.search.separatePrivateDefault" = { - enable = true; - value = false; - }; - "browser.search.separatePrivateDefault.ui.enabled" = { - enable = true; - value = false; + "5000" = { + enable = true; + "5003"."signon.rememberSignons".enable = true; + "5017" = { + "extensions.formautofill.addresses.enabled".enable = true; + "extensions.formautofill.creditCards.enabled".enable = true; }; + "5019"."browser.pagethumbnails.capturing_disabled".enable = true; }; - }; - "0900".enable = true; - "1000" = { - enable = true; - "1001".enable = false; - }; - "1200".enable = true; - "1600".enable = true; - "1700".enable = true; - "2000".enable = true; - "2400".enable = true; - "2600" = { - enable = true; - "2615"."permissions.default.shortcuts".enable = true; - }; - "2700".enable = true; - "2800" = { - enable = true; - "2811"."privacy.clearOnShutdown.history".value = false; - }; - "4500" = { - enable = true; - "4502".enable = false; - "4504".enable = false; - }; - "5000" = { - enable = true; - "5003"."signon.rememberSignons".enable = true; - "5017" = { - "extensions.formautofill.addresses.enabled".enable = true; - "extensions.formautofill.creditCards.enabled".enable = true; + "5500" = { + enable = true; + "5508"."media.eme.enabled".enable = true; + "5508"."browser.eme.ui.enabled".enable = true; }; - "5019"."browser.pagethumbnails.capturing_disabled".enable = true; + "6000".enable = true; + "7000".enable = true; + "8000".enable = true; + "9000".enable = true; }; - "5500" = { - enable = true; - "5508"."media.eme.enabled".enable = true; - "5508"."browser.eme.ui.enabled".enable = true; - }; - "6000".enable = true; - "7000".enable = true; - "8000".enable = true; - "9000".enable = true; - }; - settings = { - "app.update.auto" = false; - "browser.backspace_action" = 0; - "browser.disableResetPrompt" = true; - "browser.download.autohideButton" = false; - "browser.newtabpage.introShown" = true; - "browser.newtabpage.pinned" = ""; - "browser.onboarding.enabled" = false; - "browser.open.lastDir" = config.my.home; - "browser.protections_panel.infoMessage.seen" = true; - "browser.region.update.region" = "US"; - "browser.search.region" = "US"; - "browser.search.update" = false; - "browser.shell.checkDefaultBrowser" = false; - "browser.tabs.closeWindowWithLastTab" = true; - "browser.tabs.firefox-view" = false; - "browser.tabs.firefox-view-next" = false; - "browser.tabs.inTitlebar" = 0; - "browser.tabs.tabmanager.enabled" = false; - "browser.tabs.warnOnClose" = false; - "browser.tabs.warnOnCloseOtherTabs" = false; - "browser.tabs.warnOnOpen" = false; - "browser.toolbars.bookmarks.visibility" = "newtab"; - "browser.translations.enable" = false; - "browser.urlbar.decodeURLsOnCopy" = true; - "browser.urlbar.suggest.engines" = false; - "browser.warnOnQuitShortcut" = false; - "devtools.everOpened" = true; - "doh-rollout.home-region" = "US"; - "extensions.pocket.enabled" = false; - "extensions.update.autoUpdateDefault" = false; - "extensions.update.enabled" = false; - "full-screen-api.warning.delay" = 0; - "full-screen-api.warning.timeout" = 0; - "general.autoScroll" = true; - "general.smoothScroll" = true; - "identity.fxaccounts.enabled" = false; - "media.autoplay.blocking_policy" = 2; - "media.autoplay.default" = 5; - "media.hardwaremediakeys.enabled" = false; - "reader.parse-on-load.enabled" = false; - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + settings = { + "app.update.auto" = false; + "browser.backspace_action" = 0; + "browser.disableResetPrompt" = true; + "browser.download.autohideButton" = false; + "browser.newtabpage.introShown" = true; + "browser.newtabpage.pinned" = ""; + "browser.onboarding.enabled" = false; + "browser.open.lastDir" = config.my.home; + "browser.protections_panel.infoMessage.seen" = true; + "browser.region.update.region" = "US"; + "browser.search.region" = "US"; + "browser.search.update" = false; + "browser.shell.checkDefaultBrowser" = false; + "browser.tabs.closeWindowWithLastTab" = true; + "browser.tabs.firefox-view" = false; + "browser.tabs.firefox-view-next" = false; + "browser.tabs.inTitlebar" = 0; + "browser.tabs.tabmanager.enabled" = false; + "browser.tabs.warnOnClose" = false; + "browser.tabs.warnOnCloseOtherTabs" = false; + "browser.tabs.warnOnOpen" = false; + "browser.toolbars.bookmarks.visibility" = "newtab"; + "browser.translations.enable" = false; + "browser.urlbar.decodeURLsOnCopy" = true; + "browser.urlbar.suggest.engines" = false; + "browser.warnOnQuitShortcut" = false; + "devtools.everOpened" = true; + "doh-rollout.home-region" = "US"; + "extensions.pocket.enabled" = false; + "extensions.update.autoUpdateDefault" = false; + "extensions.update.enabled" = false; + "full-screen-api.warning.delay" = 0; + "full-screen-api.warning.timeout" = 0; + "general.autoScroll" = true; + "general.smoothScroll" = true; + "identity.fxaccounts.enabled" = false; + "media.autoplay.blocking_policy" = 2; + "media.autoplay.default" = 5; + "media.hardwaremediakeys.enabled" = false; + "reader.parse-on-load.enabled" = false; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + }; }; - }; }; }; }; diff --git a/modules/nixos/foot.nix b/modules/nixos/foot.nix new file mode 100644 index 0000000..502e143 --- /dev/null +++ b/modules/nixos/foot.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.foot; +in +{ + options.nixfiles.modules.foot.enable = mkEnableOption "Foot terminal emulator"; + + config = mkIf cfg.enable { + hm = { + home.packages = with pkgs; [ libsixel ]; + + programs.foot = { + enable = true; + settings = { + main = { + utmp-helper = "${pkgs.libutempter}/lib/utempter/utempter"; + pad = + let + n = toString config.stylix.fonts.sizes.terminal; + in + "${n}x${n}"; + }; + scrollback.lines = pow 2 14; + }; + }; + }; + }; +} diff --git a/modules/nixos/games/default.nix b/modules/nixos/games/default.nix index 78aae62..585164e 100644 --- a/modules/nixos/games/default.nix +++ b/modules/nixos/games/default.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.games; -in { +in +{ imports = [ ./gamemode.nix ./lutris.nix @@ -15,8 +13,7 @@ in { ./steam.nix ]; - options.nixfiles.modules.games.enable32BitSupport = - mkEnableOption "support for games"; + options.nixfiles.modules.games.enable32BitSupport = mkEnableOption "support for games"; config = mkIf cfg.enable32BitSupport { services = { diff --git a/modules/nixos/games/gamemode.nix b/modules/nixos/games/gamemode.nix index 193a764..eb485f8 100644 --- a/modules/nixos/games/gamemode.nix +++ b/modules/nixos/games/gamemode.nix @@ -1,18 +1,13 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.games.gamemode; -in { - options.nixfiles.modules.games.gamemode.enable = - mkEnableOption "Feral GameMode"; +in +{ + options.nixfiles.modules.games.gamemode.enable = mkEnableOption "Feral GameMode"; config = mkIf cfg.enable { - hm.xdg.configFile."gamemode.ini".text = generators.toINI {} { - general.softrealtime = "auto"; - }; + hm.xdg.configFile."gamemode.ini".text = generators.toINI { } { general.softrealtime = "auto"; }; programs.gamemode.enable = true; }; diff --git a/modules/nixos/games/lutris.nix b/modules/nixos/games/lutris.nix index f130be3..62fe521 100644 --- a/modules/nixos/games/lutris.nix +++ b/modules/nixos/games/lutris.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.lutris; -in { +in +{ options.nixfiles.modules.games.lutris.enable = mkEnableOption "Lutris"; config = mkIf cfg.enable { diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix index 509e035..955f50c 100644 --- a/modules/nixos/games/mangohud.nix +++ b/modules/nixos/games/mangohud.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.games.mangohud; -in { +in +{ options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; config = mkIf cfg.enable { diff --git a/modules/nixos/games/minecraft.nix b/modules/nixos/games/minecraft.nix index 8a1a0b5..6e163dc 100644 --- a/modules/nixos/games/minecraft.nix +++ b/modules/nixos/games/minecraft.nix @@ -5,10 +5,12 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.minecraft; -in { - imports = [inputs.minecraft.nixosModules.minecraft-servers]; +in +{ + imports = [ inputs.minecraft.nixosModules.minecraft-servers ]; options.nixfiles.modules.games.minecraft = { client.enable = mkEnableOption "Minecraft client"; @@ -30,13 +32,11 @@ in { }; config = mkMerge [ - (mkIf cfg.client.enable { - hm.home.packages = [pkgs.prismlauncher]; - }) + (mkIf cfg.client.enable { hm.home.packages = [ pkgs.prismlauncher ]; }) (mkIf cfg.server.enable { - nixfiles.modules.common.nix.allowedUnfreePackages = ["minecraft-server"]; + nixfiles.modules.common.nix.allowedUnfreePackages = [ "minecraft-server" ]; - ark.directories = [config.services.minecraft-servers.dataDir]; + ark.directories = [ config.services.minecraft-servers.dataDir ]; services.minecraft-servers = { enable = true; @@ -78,9 +78,9 @@ in { }; }; - nixpkgs.overlays = [inputs.minecraft.overlay]; + nixpkgs.overlays = [ inputs.minecraft.overlay ]; - my.extraGroups = [config.services.minecraft-servers.group]; + my.extraGroups = [ config.services.minecraft-servers.group ]; }) ]; } diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix index fc51c85..cfee8ae 100644 --- a/modules/nixos/games/steam-run.nix +++ b/modules/nixos/games/steam-run.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.steam-run; -in { +in +{ options.nixfiles.modules.games.steam-run = { enable = mkEnableOption "native Steam runtime"; @@ -19,7 +21,10 @@ in { config = mkIf cfg.enable { nixfiles.modules = { - common.nix.allowedUnfreePackages = ["steam" "steam-run"]; + common.nix.allowedUnfreePackages = [ + "steam" + "steam-run" + ]; games = { enable32BitSupport = true; @@ -30,46 +35,55 @@ in { hm.home.packages = with pkgs; [ (steam.override { - extraLibraries = _: + extraLibraries = + _: with cfg.quirks; - optional blackIsleStudios openssl_1_0_0 - ++ optionals cryptOfTheNecrodancer [ - (import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; - sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; - }) {inherit (config.nixpkgs) config localSystem;}) - .flac - ] - ++ optionals mountAndBladeWarband [ - (glew.overrideAttrs (_: super: let + optional blackIsleStudios openssl_1_0_0 + ++ optionals cryptOfTheNecrodancer [ + (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; + sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; + }) { inherit (config.nixpkgs) config localSystem; }).flac + ] + ++ optionals mountAndBladeWarband [ + (glew.overrideAttrs ( + _: super: + let opname = super.pname; - in rec { + in + rec { pname = "${opname}-steam-run-fix"; inherit (super) version; src = fetchurl { url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz"; hash = "sha256-BN6R5+Z2MDm8EZQAlc2cf4gLq6ghlqd2X3J6wFqZPJU="; }; - })) - (fmodex.overrideAttrs (_: super: let + } + )) + (fmodex.overrideAttrs ( + _: super: + let opname = super.pname; - in rec { + in + rec { pname = "${opname}-steam-run-fix"; inherit (super) version; - installPhase = let - libPath = makeLibraryPath [ - alsa-lib - libpulseaudio - stdenv.cc.cc - ]; - in '' - install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so - patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so - ''; - })) - ]; - }) - .run + installPhase = + let + libPath = makeLibraryPath [ + alsa-lib + libpulseaudio + stdenv.cc.cc + ]; + in + '' + install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so + patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so + ''; + } + )) + ]; + }).run ]; }; } diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix index 7262d7f..5883b0e 100644 --- a/modules/nixos/games/steam.nix +++ b/modules/nixos/games/steam.nix @@ -4,15 +4,19 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.steam; -in { - options.nixfiles.modules.games.steam.enable = - mkEnableOption "Steam runtime"; +in +{ + options.nixfiles.modules.games.steam.enable = mkEnableOption "Steam runtime"; config = mkIf cfg.enable { nixfiles.modules = { - common.nix.allowedUnfreePackages = ["steam" "steam-original"]; + common.nix.allowedUnfreePackages = [ + "steam" + "steam-original" + ]; games = { enable32BitSupport = true; @@ -22,7 +26,7 @@ in { }; hm.home.packages = with pkgs; [ - (steam.override {extraEnv.MANGOHUD = 1;}) + (steam.override { extraEnv.MANGOHUD = 1; }) protontricks ]; }; diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix index cbeb48a..34ca200 100644 --- a/modules/nixos/git/default.nix +++ b/modules/nixos/git/default.nix @@ -6,9 +6,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.git; -in { +in +{ options.nixfiles.modules.git.server = { enable = mkEnableOption "Git server"; @@ -26,59 +28,59 @@ in { }; config = mkIf cfg.server.enable { - ark.directories = [ - config.services.gitolite.dataDir - ]; + ark.directories = [ config.services.gitolite.dataDir ]; nixfiles.modules.nginx = { enable = true; virtualHosts.${cfg.server.domain} = { locations = { - "/".extraConfig = let - cgitrc = pkgs.writeText "cgitrc" '' - root-title=github sux (⩺_⩹) - root-desc=https://github.com/azahi + "/".extraConfig = + let + cgitrc = pkgs.writeText "cgitrc" '' + root-title=github sux (⩺_⩹) + root-desc=https://github.com/azahi - clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL + clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL - logo=/cgit-custom-logo.gif - favicon=/cgit-custom-favicon.gif - css=/cgit-custom-style.css + logo=/cgit-custom-logo.gif + favicon=/cgit-custom-favicon.gif + css=/cgit-custom-style.css - about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh - source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py - commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh + about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh + source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py + commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh - enable-git-config=1 - enable-gitweb-owner=1 - remove-suffix=1 + enable-git-config=1 + enable-gitweb-owner=1 + remove-suffix=1 - readme=:README - readme=:README.md - readme=:README.org - readme=:README.txt - readme=:readme - readme=:readme.md - readme=:readme.org - readme=:readme.txt + readme=:README + readme=:README.md + readme=:README.org + readme=:README.txt + readme=:readme + readme=:readme.md + readme=:readme.org + readme=:readme.txt - scan-path=${config.services.gitolite.dataDir}/repositories - ''; - in '' - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; - fastcgi_param CGIT_CONFIG ${cgitrc}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; + scan-path=${config.services.gitolite.dataDir}/repositories + ''; + in + '' + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; - ${libNginx.config.appendHead [ - ''<meta name="go-import" content="$host$uri git https://$host$uri">'' - (libPlausible.htmlPlausibleScript {inherit (cfg.server) domain;}) - ]} - ''; + ${libNginx.config.appendHead [ + ''<meta name="go-import" content="$host$uri git https://$host$uri">'' + (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; }) + ]} + ''; "~* ^.+(cgit.css|robots.txt)$".extraConfig = '' root ${cfg.server.package}/cgit; ''; @@ -88,43 +90,47 @@ in { "~* ^.+cgit-custom-favicon.gif$".extraConfig = '' alias ${./favicon.ico}; ''; - "~* ^.+cgit-custom-style.css$".extraConfig = let - css = pkgs.writeText "custom.css" '' - @import url("cgit.css"); + "~* ^.+cgit-custom-style.css$".extraConfig = + let + css = pkgs.writeText "custom.css" '' + @import url("cgit.css"); - div#cgit { - font-family: monospace; - -moz-tab-size: 4; - tab-size: 4; - } + div#cgit { + font-family: monospace; + -moz-tab-size: 4; + tab-size: 4; + } + ''; + in + '' + alias ${css}; ''; - in '' - alias ${css}; - ''; }; }; }; - services = let - user = "git"; - group = "git"; - in { - gitolite = { - enable = true; - inherit user group; - adminPubkey = my.ssh.key; - extraGitoliteRc = '' - # This allows hiding repositories via "cgit.ignore"[1]. - # - # [1]: https://www.omarpolo.com/post/cgit-gitolite.html - $RC{GIT_CONFIG_KEYS} = '.*'; - ''; - }; + services = + let + user = "git"; + group = "git"; + in + { + gitolite = { + enable = true; + inherit user group; + adminPubkey = my.ssh.key; + extraGitoliteRc = '' + # This allows hiding repositories via "cgit.ignore"[1]. + # + # [1]: https://www.omarpolo.com/post/cgit-gitolite.html + $RC{GIT_CONFIG_KEYS} = '.*'; + ''; + }; - fcgiwrap = { - enable = true; - inherit user group; + fcgiwrap = { + enable = true; + inherit user group; + }; }; - }; }; } diff --git a/modules/nixos/gnupg.nix b/modules/nixos/gnupg.nix index 5300554..ad2c939 100644 --- a/modules/nixos/gnupg.nix +++ b/modules/nixos/gnupg.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.gnupg; -in { +in +{ options.nixfiles.modules.gnupg.pinentry = mkOption { description = "Name of a pinentry implementation."; type = types.package; @@ -30,7 +32,7 @@ in { grabKeyboardAndMouse = true; - sshKeys = [my.pgp.grip]; + sshKeys = [ my.pgp.grip ]; pinentryPackage = cfg.pinentry; }; diff --git a/modules/nixos/gotify.nix b/modules/nixos/gotify.nix index 4bdd4fa..ad9b277 100644 --- a/modules/nixos/gotify.nix +++ b/modules/nixos/gotify.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.gotify; -in { +in +{ options.nixfiles.modules.gotify = { enable = mkEnableOption "Gotify"; @@ -17,14 +19,15 @@ in { }; }; - config = let - db = "gotify"; - in + config = + let + db = "gotify"; + in mkIf cfg.enable { nixfiles.modules = { nginx = { enable = true; - upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; + upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = { }; virtualHosts.${cfg.domain} = { locations."/" = { proxyPass = "http://gotify"; @@ -50,7 +53,7 @@ in { }; postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; @@ -61,7 +64,10 @@ in { }; systemd.services.gotify-server = { - after = ["network-online.target" "postgresql.service"]; + after = [ + "network-online.target" + "postgresql.service" + ]; environment = { GOTIFY_DATABASE_DIALECT = "postgres"; GOTIFY_DATABASE_CONNECTION = concatStringsSep " " [ diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix index 2f32225..233c9e5 100644 --- a/modules/nixos/grafana.nix +++ b/modules/nixos/grafana.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.grafana; -in { +in +{ options.nixfiles.modules.grafana = { enable = mkEnableOption "Grafana"; @@ -24,11 +26,12 @@ in { }; }; - config = let - db = "grafana"; - in + config = + let + db = "grafana"; + in mkIf cfg.enable { - ark.directories = [config.services.grafana.dataDir]; + ark.directories = [ config.services.grafana.dataDir ]; secrets = { grafana-key = { @@ -51,7 +54,7 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain} = { locations."/" = { proxyPass = "http://grafana"; @@ -109,7 +112,7 @@ in { }; postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; diff --git a/modules/nixos/hydra.nix b/modules/nixos/hydra.nix index ec3297c..85b89ab 100644 --- a/modules/nixos/hydra.nix +++ b/modules/nixos/hydra.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.hydra; -in { +in +{ options.nixfiles.modules.hydra = { enable = mkEnableOption "Hydra"; @@ -26,32 +24,34 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://hydra"; }; postgresql.enable = true; }; - services = let - db = "hydra"; - in { - hydra = { - enable = true; - listenHost = "127.0.0.1"; - inherit (cfg) port; - dbi = "dbi:Pg:dbname=${db};user=${db}"; - hydraURL = cfg.domain; - }; + services = + let + db = "hydra"; + in + { + hydra = { + enable = true; + listenHost = "127.0.0.1"; + inherit (cfg) port; + dbi = "dbi:Pg:dbname=${db};user=${db}"; + hydraURL = cfg.domain; + }; - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensureDBOwnership = true; - } - ]; + postgresql = { + ensureDatabases = [ db ]; + ensureUsers = [ + { + name = db; + ensureDBOwnership = true; + } + ]; + }; }; - }; }; } diff --git a/modules/nixos/incus.nix b/modules/nixos/incus.nix index 14bbc1d..184aa03 100644 --- a/modules/nixos/incus.nix +++ b/modules/nixos/incus.nix @@ -1,15 +1,13 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.incus; -in { +in +{ options.nixfiles.modules.incus.enable = mkEnableOption "Incus"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/incus"]; + ark.directories = [ "/var/lib/incus" ]; virtualisation.incus = { enable = true; @@ -55,7 +53,7 @@ in { }; }; - networking.firewall.trustedInterfaces = ["incusbr0"]; + networking.firewall.trustedInterfaces = [ "incusbr0" ]; # FIXME https://nixpk.gs/pr-tracker.html?pr=295364 # systemd.services.incus.path = mkForce [ @@ -63,6 +61,6 @@ in { # "${config.boot.zfs.package}/lib/udev" # ]; - my.extraGroups = ["incus-admin"]; + my.extraGroups = [ "incus-admin" ]; }; } diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix index 99ce6c9..cd28372 100644 --- a/modules/nixos/ipfs.nix +++ b/modules/nixos/ipfs.nix @@ -5,13 +5,15 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.ipfs; gatewayDefaultPort = 6001; apiDefaultPort = 5001; swarmDefaultPort = 4001; -in { +in +{ options.nixfiles.modules.ipfs = { enable = mkEnableOption "IPFS daemon"; @@ -24,19 +26,13 @@ in { gatewayPort = mkOption { description = "Gateway port."; type = with types; port; - default = - if this.isHeadless - then gatewayDefaultPort + 990 - else gatewayDefaultPort; + default = if this.isHeadless then gatewayDefaultPort + 990 else gatewayDefaultPort; }; apiPort = mkOption { description = "API port."; type = with types; port; - default = - if this.isHeadless - then apiDefaultPort + 990 - else apiDefaultPort; + default = if this.isHeadless then apiDefaultPort + 990 else apiDefaultPort; }; swarmPort = mkOption { @@ -86,22 +82,25 @@ in { "/ip4/10.0.0.0/ipcidr/8" "/ip6/fc00::/ipcidr/7" ]; - in { + in + { Addresses = { API = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}"; Gateway = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}"; - Swarm = let - port = toString cfg.swarmPort; - in [ - "/ip4/0.0.0.0/tcp/${port}" - "/ip6/::/tcp/${port}" - "/ip4/0.0.0.0/udp/${port}/quic" - "/ip4/0.0.0.0/udp/${port}/quic-v1" - "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" - "/ip6/::/udp/${port}/quic" - "/ip6/::/udp/${port}/quic-v1" - "/ip6/::/udp/${port}/quic-v1/webtransport" - ]; + Swarm = + let + port = toString cfg.swarmPort; + in + [ + "/ip4/0.0.0.0/tcp/${port}" + "/ip6/::/tcp/${port}" + "/ip4/0.0.0.0/udp/${port}/quic" + "/ip4/0.0.0.0/udp/${port}/quic-v1" + "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" + "/ip6/::/udp/${port}/quic" + "/ip6/::/udp/${port}/quic-v1" + "/ip6/::/udp/${port}/quic-v1/webtransport" + ]; NoAnnounce = filterAddresses; }; @@ -116,7 +115,7 @@ in { }; networking.firewall = rec { - allowedTCPPorts = [swarmDefaultPort]; + allowedTCPPorts = [ swarmDefaultPort ]; allowedUDPPorts = allowedTCPPorts; }; } @@ -124,8 +123,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams = with cfg; { - kubo_gateway.servers."127.0.0.1:${toString gatewayPort}" = {}; - kubo_api.servers."127.0.0.1:${toString apiPort}" = {}; + kubo_gateway.servers."127.0.0.1:${toString gatewayPort}" = { }; + kubo_api.servers."127.0.0.1:${toString apiPort}" = { }; }; virtualHosts = { ${cfg.domain} = { @@ -135,9 +134,7 @@ in { "api.${cfg.domain}" = { locations = { "/".proxyPass = "http://kubo_api"; - "~ ^/$".return = "301 http${ - optionalString config.nixfiles.modules.acme.enable "s" - }://api.${cfg.domain}/webui"; + "~ ^/$".return = "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; }; extraConfig = libNginx.config.internalOnly; }; diff --git a/modules/nixos/jackett.nix b/modules/nixos/jackett.nix index 772e0e9..492e77a 100644 --- a/modules/nixos/jackett.nix +++ b/modules/nixos/jackett.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.jackett; -in { +in +{ options.nixfiles.modules.jackett = { enable = mkEnableOption "Jackett"; @@ -18,11 +20,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/jackett"]; + ark.directories = [ "/var/lib/jackett" ]; nixfiles.modules.nginx = { enable = true; - upstreams.jackett.servers."127.0.0.1:9117" = {}; + upstreams.jackett.servers."127.0.0.1:9117" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://jackett"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix index 016eb50..a6efd9f 100644 --- a/modules/nixos/k3s.nix +++ b/modules/nixos/k3s.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.k3s; -in { +in +{ options.nixfiles.modules.k3s = { enable = mkEnableOption "K3s"; }; diff --git a/modules/nixos/kde.nix b/modules/nixos/kde.nix index 2f6aa92..333e9f7 100644 --- a/modules/nixos/kde.nix +++ b/modules/nixos/kde.nix @@ -4,20 +4,25 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.kde; -in { +in +{ options.nixfiles.modules.kde.enable = mkEnableOption "KDE Plasma"; config = mkIf cfg.enable { nixfiles.modules = { - common.xdg.defaultApplications."org.kde.dolphin" = ["inode/directory"]; + common.xdg.defaultApplications."org.kde.dolphin" = [ "inode/directory" ]; gnupg.pinentry = pkgs.pinentry-qt; sound.enable = true; }; hm = { + # Fucking broken. I don't want to bother with fixing this shit now. + stylix.targets.kde.enable = false; + programs.firefox.profiles.default.settings = { "widget.use-xdg-desktop-portal.file-picker" = 1; "widget.use-xdg-desktop-portal.mime-handler" = 1; @@ -31,15 +36,13 @@ in { xdg.configFile = { "fontconfig/conf.d/10-hm-fonts.conf".force = mkForce true; "mimeapps.list".force = mkForce true; - "kcminputrc".text = generators.toINI {} { + "kcminputrc".text = generators.toINI { } { Keyboard = with config.services.xserver; { RepeatDelay = autoRepeatDelay; RepeatRate = autoRepeatInterval; }; }; - "baloofilerc".text = generators.toINI {} { - "Basic Settings"."Indexing-Enabled" = false; - }; + "baloofilerc".text = generators.toINI { } { "Basic Settings"."Indexing-Enabled" = false; }; }; }; diff --git a/modules/nixos/libvirtd.nix b/modules/nixos/libvirtd.nix index 0d58f5e..009fd24 100644 --- a/modules/nixos/libvirtd.nix +++ b/modules/nixos/libvirtd.nix @@ -4,13 +4,15 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.libvirtd; -in { +in +{ options.nixfiles.modules.libvirtd.enable = mkEnableOption "libvirtd"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/libvirt"]; + ark.directories = [ "/var/lib/libvirt" ]; hm.home.packages = with pkgs; [ bridge-utils @@ -36,7 +38,7 @@ in { ovmf = { enable = true; - packages = [pkgs.OVMFFull.fd]; + packages = [ pkgs.OVMFFull.fd ]; }; swtpm = { @@ -46,6 +48,6 @@ in { }; }; - my.extraGroups = ["libvirtd"]; + my.extraGroups = [ "libvirtd" ]; }; } diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix index 9b166cf..84d363b 100644 --- a/modules/nixos/lidarr.nix +++ b/modules/nixos/lidarr.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.lidarr; -in { +in +{ options.nixfiles.modules.lidarr = { enable = mkEnableOption "Lidarr"; @@ -21,11 +23,11 @@ in { config = mkIf cfg.enable { secrets.lidarr-api-key.file = "${inputs.self}/secrets/lidarr-api-key"; - ark.directories = ["/var/lib/lidarr"]; + ark.directories = [ "/var/lib/lidarr" ]; nixfiles.modules.nginx = { enable = true; - upstreams.lidarr.servers."127.0.0.1:8686" = {}; + upstreams.lidarr.servers."127.0.0.1:8686" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://lidarr"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix index ce19004..c446848 100644 --- a/modules/nixos/loki.nix +++ b/modules/nixos/loki.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.loki; -in { +in +{ options.nixfiles.modules.loki = { enable = mkEnableOption "Loki"; @@ -24,11 +26,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = [config.services.loki.configuration.common.path_prefix]; + ark.directories = [ config.services.loki.configuration.common.path_prefix ]; nixfiles.modules.nginx = with cfg; { enable = true; - upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${domain} = { locations."/".proxyPass = "http://loki"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index c65b55b..5e8a7e4 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.matrix.dendrite; -in { +in +{ options.nixfiles.modules.matrix.dendrite = { enable = mkEnableOption "Dendrite Matrix server"; @@ -24,9 +26,10 @@ in { }; }; - config = let - db = "dendrite"; - in + config = + let + db = "dendrite"; + in mkIf cfg.enable { ark.directories = [ "/var/lib/dendrite" @@ -46,25 +49,21 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = {}; + upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = { }; virtualHosts.${cfg.domain}.locations = { "/_matrix".proxyPass = "http://dendrite"; "= /.well-known/matrix/server" = { extraConfig = '' add_header Content-Type application/json; ''; - return = "200 '${generators.toJSON {} { - "m.server" = "${cfg.domain}:443"; - }}'"; + return = "200 '${generators.toJSON { } { "m.server" = "${cfg.domain}:443"; }}'"; }; "= /.well-known/matrix/client" = { extraConfig = '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; ''; - return = "200 '${generators.toJSON {} { - "m.homeserver".base_url = "https://${cfg.domain}"; - }}'"; + return = "200 '${generators.toJSON { } { "m.homeserver".base_url = "https://${cfg.domain}"; }}'"; }; }; }; @@ -95,7 +94,7 @@ in { }; services.postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; @@ -106,118 +105,134 @@ in { systemd.services.dendrite = { description = "Dendrite Matrix homeserver"; - wantedBy = ["multi-user.target"]; - requires = ["network.target" "postgresql.service"]; - after = ["network.target" "postgresql.service"]; - serviceConfig = let - needsPrivileges = cfg.port < 1024; - capabilities = [""] ++ optionals needsPrivileges ["CAP_NET_BIND_SERVICE"]; - in { - Restart = "on-failure"; - ExecStartPre = let - settings = { - version = 2; - global = { - server_name = cfg.domain; - private_key = config.secrets.dendrite-private-key.path; - database = { - connection_string = "postgresql://${db}@/${db}?host=/run/postgresql"; - max_open_conns = 64; - max_idle_connections = 8; - }; - cache = { - max_size_estimated = "1gb"; - max_age = "1h"; - }; - trusted_third_party_id_servers = [ - "matrix.org" - "nixos.org" - "vector.im" - ]; - presence = { - enable_inbound = false; - enable_outbound = false; + wantedBy = [ "multi-user.target" ]; + requires = [ + "network.target" + "postgresql.service" + ]; + after = [ + "network.target" + "postgresql.service" + ]; + serviceConfig = + let + needsPrivileges = cfg.port < 1024; + capabilities = [ "" ] ++ optionals needsPrivileges [ "CAP_NET_BIND_SERVICE" ]; + in + { + Restart = "on-failure"; + ExecStartPre = + let + settings = { + version = 2; + global = { + server_name = cfg.domain; + private_key = config.secrets.dendrite-private-key.path; + database = { + connection_string = "postgresql://${db}@/${db}?host=/run/postgresql"; + max_open_conns = 64; + max_idle_connections = 8; + }; + cache = { + max_size_estimated = "1gb"; + max_age = "1h"; + }; + trusted_third_party_id_servers = [ + "matrix.org" + "nixos.org" + "vector.im" + ]; + presence = { + enable_inbound = false; + enable_outbound = false; + }; + }; + client_api = { + registration_disabled = true; + guests_disabled = true; + registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; + }; + media_api = { + base_path = "/var/lib/dendrite/media_store"; + max_file_size_bytes = 0; + dynamic_thumbnails = true; + max_thumbnail_generators = 8; + thumbnail_sizes = [ + { + width = 32; + height = 32; + method = "crop"; + } + { + width = 96; + height = 96; + method = "crop"; + } + { + width = 640; + height = 480; + method = "scale"; + } + ]; + }; + logging = [ + { + type = "std"; + level = "warn"; + } + ]; }; - }; - client_api = { - registration_disabled = true; - guests_disabled = true; - registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; - }; - media_api = { - base_path = "/var/lib/dendrite/media_store"; - max_file_size_bytes = 0; - dynamic_thumbnails = true; - max_thumbnail_generators = 8; - thumbnail_sizes = [ - { - width = 32; - height = 32; - method = "crop"; - } - { - width = 96; - height = 96; - method = "crop"; - } - { - width = 640; - height = 480; - method = "scale"; - } - ]; - }; - logging = [ - { - type = "std"; - level = "warn"; - } + in + concatStringsSep " " [ + (getExe pkgs.envsubst) + "-i ${(pkgs.formats.yaml { }).generate "dendrite.yaml" settings}" + "-o /run/dendrite/dendrite.yaml" ]; - }; - in - concatStringsSep " " [ - (getExe pkgs.envsubst) - "-i ${(pkgs.formats.yaml {}).generate "dendrite.yaml" settings}" - "-o /run/dendrite/dendrite.yaml" + ExecStart = concatStringsSep " " [ + (getExe' pkgs.dendrite "dendrite") + "--config /run/dendrite/dendrite.yaml" + "--http-bind-address 127.0.0.1:${toString cfg.port}" ]; - ExecStart = concatStringsSep " " [ - (getExe' pkgs.dendrite "dendrite") - "--config /run/dendrite/dendrite.yaml" - "--http-bind-address 127.0.0.1:${toString cfg.port}" - ]; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - EnvironmentFile = config.secrets.dendrite-environment-file.path; - DynamicUser = true; - StateDirectory = "dendrite"; - RuntimeDirectory = "dendrite"; - RuntimeDirectoryMode = "0700"; - AmbientCapabilities = capabilities; - CapabilityBoundingSet = capabilities; - UMask = "0077"; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = !needsPrivileges; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - ProtectProc = "noaccess"; - ProcSubset = "pid"; - RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@privileged"]; - }; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + EnvironmentFile = config.secrets.dendrite-environment-file.path; + DynamicUser = true; + StateDirectory = "dendrite"; + RuntimeDirectory = "dendrite"; + RuntimeDirectoryMode = "0700"; + AmbientCapabilities = capabilities; + CapabilityBoundingSet = capabilities; + UMask = "0077"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = !needsPrivileges; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + ProtectProc = "noaccess"; + ProcSubset = "pid"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + }; }; }; } diff --git a/modules/nixos/matrix/element.nix b/modules/nixos/matrix/element.nix index 3d47800..92a2927 100644 --- a/modules/nixos/matrix/element.nix +++ b/modules/nixos/matrix/element.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.matrix.element; -in { +in +{ options.nixfiles.modules.matrix.element = { enable = mkEnableOption "Element, a Matrix web interface"; @@ -26,7 +28,8 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = with config.nixfiles.modules.matrix; + assertion = + with config.nixfiles.modules.matrix; (synapse.enable || dendrite.enable) && !(!synapse.enable && !dendrite.enable); message = "Synapse or Dendrite must be enabled"; } diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 5aed215..6e5b782 100644 --- a/modules/nixos/monitoring/default.nix +++ b/modules/nixos/monitoring/default.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.monitoring; -in { +in +{ options.nixfiles.modules.monitoring.enable = mkEnableOption '' a glue to provision a monitoring stack ''; @@ -134,83 +136,93 @@ in { }; prometheus = { - scrapeConfigs = with my.configurations; + scrapeConfigs = + with my.configurations; mapAttrsToList - ( - name: value: { + (name: value: { job_name = name; static_configs = [ { - targets = with value; - map (host: + targets = + with value; + map ( + host: concatStringsSep ":" [ - ( - if isAttrs host - then host.hostname - else host - ) + (if isAttrs host then host.hostname else host) (toString port) - ]) - hosts; + ] + ) hosts; } ]; - relabel_configs = - [ - { - source_labels = ["__address__"]; - regex = "([^:]+):\\d+"; - target_label = "instance"; - } - ] - ++ optionals (hasAttr "relabel" value) value.relabel; - } - ) - { - promtail = { - hosts = [manwe varda yavanna]; - inherit (config.nixfiles.modules.promtail) port; - }; - ntfy = { - hosts = [manwe]; - inherit (config.nixfiles.modules.ntfy.prometheus) port; - }; - soju = { - hosts = ["127.0.0.1"]; - inherit (config.nixfiles.modules.soju.prometheus) port; - }; - endlessh-go = { - hosts = [manwe varda yavanna]; - inherit (config.services.endlessh-go.prometheus) port; - }; - nginx = { - hosts = [manwe yavanna]; - inherit (config.services.prometheus.exporters.nginx) port; - }; - node = { - hosts = [manwe varda yavanna]; - inherit (config.services.prometheus.exporters.node) port; - }; - postgres = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.postgres) port; - }; - redis = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.redis) port; - }; - unbound = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.unbound) port; - }; - wireguard = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.wireguard) port; - }; - exportarr-lidarr = { - hosts = [yavanna]; - inherit (config.services.prometheus.exporters.exportarr-lidarr) port; + relabel_configs = [ + { + source_labels = [ "__address__" ]; + regex = "([^:]+):\\d+"; + target_label = "instance"; + } + ] ++ optionals (hasAttr "relabel" value) value.relabel; + }) + { + promtail = { + hosts = [ + manwe + varda + yavanna + ]; + inherit (config.nixfiles.modules.promtail) port; + }; + ntfy = { + hosts = [ manwe ]; + inherit (config.nixfiles.modules.ntfy.prometheus) port; + }; + soju = { + hosts = [ "127.0.0.1" ]; + inherit (config.nixfiles.modules.soju.prometheus) port; + }; + endlessh-go = { + hosts = [ + manwe + varda + yavanna + ]; + inherit (config.services.endlessh-go.prometheus) port; + }; + nginx = { + hosts = [ + manwe + yavanna + ]; + inherit (config.services.prometheus.exporters.nginx) port; + }; + node = { + hosts = [ + manwe + varda + yavanna + ]; + inherit (config.services.prometheus.exporters.node) port; + }; + postgres = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.postgres) port; + }; + redis = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.redis) port; + }; + unbound = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.unbound) port; + }; + wireguard = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.wireguard) port; + }; + exportarr-lidarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-lidarr) port; + }; }; - }; ruleFiles = [ ./rules/nginx.yaml @@ -222,9 +234,7 @@ in { alertmanagers = [ { scheme = "https"; - static_configs = [ - {targets = [config.nixfiles.modules.alertmanager.domain];} - ]; + static_configs = [ { targets = [ config.nixfiles.modules.alertmanager.domain ]; } ]; } ]; }; diff --git a/modules/nixos/mpd.nix b/modules/nixos/mpd.nix index 485cde3..7c3c821 100644 --- a/modules/nixos/mpd.nix +++ b/modules/nixos/mpd.nix @@ -4,16 +4,18 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.mpd; -in { +in +{ options.nixfiles.modules.mpd.enable = mkEnableOption "MPD and its clients."; config = mkIf cfg.enable { nixfiles.modules.sound.enable = true; hm = { - home.packages = with pkgs; [mpc_cli]; + home.packages = with pkgs; [ mpc_cli ]; services.mpd = { enable = true; @@ -170,19 +172,31 @@ in { } { key = "J"; - command = ["select_item" "scroll_down"]; + command = [ + "select_item" + "scroll_down" + ]; } { key = "K"; - command = ["select_item" "scroll_up"]; + command = [ + "select_item" + "scroll_up" + ]; } { key = "h"; - command = ["previous_column" "master_screen"]; + command = [ + "previous_column" + "master_screen" + ]; } { key = "l"; - command = ["next_column" "slave_screen"]; + command = [ + "next_column" + "slave_screen" + ]; } { key = "g"; diff --git a/modules/nixos/mpv.nix b/modules/nixos/mpv.nix index a2b73fa..8042c1a 100644 --- a/modules/nixos/mpv.nix +++ b/modules/nixos/mpv.nix @@ -1,92 +1,91 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.mpv; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules.common = { shell.aliases.cam = "mpv av://v4l2:/dev/video0"; - xdg.defaultApplications.mpv = let - audio = [ - "audio/aac" - "audio/ac3" - "audio/basic" - "audio/flac" - "audio/midi" - "audio/mp4" - "audio/mpeg" - "audio/ogg" - "audio/opus" - "audio/vnd.dts" - "audio/vnd.dts.hd" - "audio/webm" - "audio/x-adpcm" - "audio/x-aifc" - "audio/x-aiff" - "audio/x-ape" - "audio/x-flac+ogg" - "audio/x-m4b" - "audio/x-m4r" - "audio/x-matroska" - "audio/x-mpegurl" - "audio/x-musepack" - "audio/x-opus+ogg" - "audio/x-speex" - "audio/x-speex+ogg" - "audio/x-vorbis+ogg" - "audio/x-wav" - "audio/x-wavpack" - "x-content/audio-cdda" - "x-content/audio-dvd" - ]; - video = [ - "video/3gpp" - "video/3gpp2" - "video/mkv" - "video/mp2t" - "video/mp4" - "video/mpeg" - "video/ogg" - "video/quicktime" - "video/vnd.mpegurl" - "video/vnd.radgamettools.bink" - "video/vnd.radgamettools.smacker" - "video/wavelet" - "video/webm" - "video/x-matroska" - "video/x-matroska-3d" - "video/x-mjpeg" - "video/x-msvideo" - "video/x-ogm+ogg" - "video/x-theora+ogg" - "x-content/video-bluray" - "x-content/video-dvd" - "x-content/video-hddvd" - "x-content/video-svcd" - "x-content/video-vcd" - ]; - image = [ - "image/avif" - "image/bmp" - "image/gif" - "image/jp2" - "image/jpeg" - "image/jpg" - "image/jpm" - "image/jpx" - "image/jxl" - "image/png" - "image/tiff" - "image/vnd.microsoft.icon" - "image/webp" - "image/webp" - "image/x-tga" - ]; - in + xdg.defaultApplications.mpv = + let + audio = [ + "audio/aac" + "audio/ac3" + "audio/basic" + "audio/flac" + "audio/midi" + "audio/mp4" + "audio/mpeg" + "audio/ogg" + "audio/opus" + "audio/vnd.dts" + "audio/vnd.dts.hd" + "audio/webm" + "audio/x-adpcm" + "audio/x-aifc" + "audio/x-aiff" + "audio/x-ape" + "audio/x-flac+ogg" + "audio/x-m4b" + "audio/x-m4r" + "audio/x-matroska" + "audio/x-mpegurl" + "audio/x-musepack" + "audio/x-opus+ogg" + "audio/x-speex" + "audio/x-speex+ogg" + "audio/x-vorbis+ogg" + "audio/x-wav" + "audio/x-wavpack" + "x-content/audio-cdda" + "x-content/audio-dvd" + ]; + video = [ + "video/3gpp" + "video/3gpp2" + "video/mkv" + "video/mp2t" + "video/mp4" + "video/mpeg" + "video/ogg" + "video/quicktime" + "video/vnd.mpegurl" + "video/vnd.radgamettools.bink" + "video/vnd.radgamettools.smacker" + "video/wavelet" + "video/webm" + "video/x-matroska" + "video/x-matroska-3d" + "video/x-mjpeg" + "video/x-msvideo" + "video/x-ogm+ogg" + "video/x-theora+ogg" + "x-content/video-bluray" + "x-content/video-dvd" + "x-content/video-hddvd" + "x-content/video-svcd" + "x-content/video-vcd" + ]; + image = [ + "image/avif" + "image/bmp" + "image/gif" + "image/jp2" + "image/jpeg" + "image/jpg" + "image/jpm" + "image/jpx" + "image/jxl" + "image/png" + "image/tiff" + "image/vnd.microsoft.icon" + "image/webp" + "image/webp" + "image/x-tga" + ]; + in audio ++ video ++ image; }; }; diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix index 8ac7899..7621c9e 100644 --- a/modules/nixos/murmur.nix +++ b/modules/nixos/murmur.nix @@ -4,13 +4,15 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.murmur; -in { +in +{ options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/murmur"]; + ark.directories = [ "/var/lib/murmur" ]; secrets.murmur-environment = { file = "${inputs.self}/secrets/murmur-environment"; diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix index 13cecb7..4053c38 100644 --- a/modules/nixos/nextcloud.nix +++ b/modules/nixos/nextcloud.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nextcloud; -in { +in +{ options.nixfiles.modules.nextcloud = { enable = mkEnableOption "Nextcloud"; @@ -21,97 +23,105 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain} = {}; + virtualHosts.${cfg.domain} = { }; }; postgresql.enable = true; }; - services = let - db = "nextcloud"; - in { - nextcloud = mkMerge [ - { - enable = true; - package = pkgs.nextcloud23; - - hostName = cfg.domain; + services = + let + db = "nextcloud"; + in + { + nextcloud = mkMerge [ + { + enable = true; + package = pkgs.nextcloud23; - appstoreEnable = false; + hostName = cfg.domain; - config = { - adminpassFile = null; # This needs to be set as secret. + appstoreEnable = false; - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbuser = db; - dbname = db; + config = { + adminpassFile = null; # This needs to be set as secret. - defaultPhoneRegion = "RU"; - }; + dbtype = "pgsql"; + dbhost = "/run/postgresql"; + dbuser = db; + dbname = db; - extraApps = let - mkNextcloudApp = { - name, - version, - hash, - }: - pkgs.fetchNextcloudApp { - inherit name version hash; - url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; - }; - in { - contacts = mkNextcloudApp { - name = "contacts"; - version = "4.0.1"; - sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; - }; - calendar = mkNextcloudApp { - name = "calendar"; - version = "3.0.5"; - sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; - }; - files_rightclick = mkNextcloudApp { - name = "files_rightclick"; - version = "23.0.1"; - sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; - }; - unsplash = mkNextcloudApp { - name = "unsplash"; - version = "1.2.4"; - sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; - }; - previewgenerator = mkNextcloudApp { - name = "previewgenerator"; - version = "3.4.1"; - sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; + defaultPhoneRegion = "RU"; }; - bruteforcesettings = mkNextcloudApp { - name = "bruteforcesettings"; - version = "2.3.0"; - sha256 = "sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; - }; - }; - } - (mkIf config.nixfiles.modules.acme.enable { - https = true; - config.overwriteProtocol = "https"; - }) - ]; - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensureDBOwnership = true; + extraApps = + let + mkNextcloudApp = + { + name, + version, + hash, + }: + pkgs.fetchNextcloudApp { + inherit name version hash; + url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; + }; + in + { + contacts = mkNextcloudApp { + name = "contacts"; + version = "4.0.1"; + sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; + }; + calendar = mkNextcloudApp { + name = "calendar"; + version = "3.0.5"; + sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; + }; + files_rightclick = mkNextcloudApp { + name = "files_rightclick"; + version = "23.0.1"; + sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; + }; + unsplash = mkNextcloudApp { + name = "unsplash"; + version = "1.2.4"; + sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; + }; + previewgenerator = mkNextcloudApp { + name = "previewgenerator"; + version = "3.4.1"; + sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; + }; + bruteforcesettings = mkNextcloudApp { + name = "bruteforcesettings"; + version = "2.3.0"; + sha256 = "sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; + }; + }; } + (mkIf config.nixfiles.modules.acme.enable { + https = true; + config.overwriteProtocol = "https"; + }) ]; + + postgresql = { + ensureDatabases = [ db ]; + ensureUsers = [ + { + name = db; + ensureDBOwnership = true; + } + ]; + }; }; - }; systemd = { services = { - nextcloud-setup.after = ["network-online.target" "postgresql.service"]; + nextcloud-setup.after = [ + "network-online.target" + "postgresql.service" + ]; nextcloud-preview-generate-cron.serviceConfig = { Type = "oneshot"; @@ -121,7 +131,7 @@ in { }; timers.nextcloud-preview-generate = { - wantedBy = ["timers.target"]; + wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "15m"; OnUnitActiveSec = "15m"; diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 05c6a06..ed34237 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nginx; -in { +in +{ options.nixfiles.modules.nginx = { enable = mkEnableOption "Nginx"; @@ -62,8 +64,9 @@ in { '' add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' - (optionalString (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; '' + (optionalString (hasAttr "wireguard" this) ( + with config.nixfiles.modules.wireguard; + '' geo $internal { default 0; 127.0.0.1/32 1; @@ -71,7 +74,8 @@ in { ${ipv4.subnet} 1; ${ipv6.subnet} 1; } - '')) + '' + )) ]; inherit (cfg) upstreams; @@ -84,15 +88,18 @@ in { locations."/".return = "444"; }; } - // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr: - mkMerge [ - attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = mkDefault true; - forceSSL = mkDefault true; - }) - ]) - cfg.virtualHosts)); + // (mkIf (cfg.virtualHosts != null) ( + mapAttrs ( + _: attr: + mkMerge [ + attr + (mkIf config.nixfiles.modules.acme.enable { + enableACME = mkDefault true; + forceSSL = mkDefault true; + }) + ] + ) cfg.virtualHosts + )); }; fail2ban.jails = { @@ -107,6 +114,9 @@ in { }; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; }; } diff --git a/modules/nixos/node-exporter.nix b/modules/nixos/node-exporter.nix index 43f48f6..8e76903 100644 --- a/modules/nixos/node-exporter.nix +++ b/modules/nixos/node-exporter.nix @@ -4,9 +4,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.node-exporter; -in { +in +{ options.nixfiles.modules.node-exporter.enable = mkEnableOption "Prometheus Node Exporter"; config = mkIf cfg.enable { diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix index ae72f1d..f44a2a0 100644 --- a/modules/nixos/nsd.nix +++ b/modules/nixos/nsd.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nsd; -in { +in +{ options.nixfiles.modules.nsd = { enable = mkEnableOption "NSD"; @@ -19,194 +21,208 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.nginx = let - domain = my.domain.shire; - in { - enable = true; - virtualHosts = mapAttrs' (_: v: - nameValuePair "mta-sts.${v}" { - locations."= /.well-known/mta-sts.txt" = { - extraConfig = '' - add_header default_type text/plain; - ''; - return = "200 '${concatStringsSep "\\r\\n" [ - "version: STSv1" - "mode: enforce" - "max_age: 2419200" - "mx: ${domain}" - ]}'"; - }; - }) - my.domain; - }; + nixfiles.modules.nginx = + let + domain = my.domain.shire; + in + { + enable = true; + virtualHosts = mapAttrs' ( + _: v: + nameValuePair "mta-sts.${v}" { + locations."= /.well-known/mta-sts.txt" = { + extraConfig = '' + add_header default_type text/plain; + ''; + return = "200 '${ + concatStringsSep "\\r\\n" [ + "version: STSv1" + "mode: enforce" + "max_age: 2419200" + "mx: ${domain}" + ] + }'"; + }; + } + ) my.domain; + }; services = { nsd = { enable = true; - interfaces = with this; [ipv4.address ipv6.address]; + interfaces = with this; [ + ipv4.address + ipv6.address + ]; ipTransparent = true; ratelimit.enable = true; - zones = let - dns = inputs.dns.lib; - in - with dns.combinators; let - ips = hostname: - with my.configurations.${hostname}; { - A = [(a ipv4.address)]; - AAAA = [(aaaa ipv6.address)]; + zones = + let + dns = inputs.dns.lib; + in + with dns.combinators; + let + ips = + hostname: with my.configurations.${hostname}; { + A = [ (a ipv4.address) ]; + AAAA = [ (aaaa ipv6.address) ]; }; - mkEmailEntries = { - domain ? my.domain.shire, - dkimKey ? null, - }: { - MX = [(mx.mx 10 "${my.domain.shire}.")]; - TXT = [(spf.soft ["a"])]; - DMARC = [ - { - p = "quarantine"; - sp = "quarantine"; - rua = ["mailto:admin+rua@${domain}"]; - ruf = ["mailto:admin+ruf@${domain}"]; - } - ]; - DKIM = optional (dkimKey != null) { - selector = "mail"; - p = dkimKey; + mkEmailEntries = + { + domain ? my.domain.shire, + dkimKey ? null, + }: + { + MX = [ (mx.mx 10 "${my.domain.shire}.") ]; + TXT = [ (spf.soft [ "a" ]) ]; + DMARC = [ + { + p = "quarantine"; + sp = "quarantine"; + rua = [ "mailto:admin+rua@${domain}" ]; + ruf = [ "mailto:admin+ruf@${domain}" ]; + } + ]; + DKIM = optional (dkimKey != null) { + selector = "mail"; + p = dkimKey; + }; + subdomains._mta-sts.TXT = [ "v=STSv1; id=20230506134541Z" ]; }; - subdomains._mta-sts.TXT = ["v=STSv1; id=20230506134541Z"]; - }; - mkZone = { - domain, - sldIps ? (ips "manwe"), - extra ? {}, - }: { - ${domain}.data = dns.toString domain (mkMerge [ - { - TTL = 60 * 60; + mkZone = + { + domain, + sldIps ? (ips "manwe"), + extra ? { }, + }: + { + ${domain}.data = dns.toString domain (mkMerge [ + { + TTL = 60 * 60; - SOA = { - nameServer = "${cfg.fqdn}."; - adminEmail = "admin+dns@${my.domain.shire}"; - serial = 2022091601; # Don't forget to bump the revision! - }; + SOA = { + nameServer = "${cfg.fqdn}."; + adminEmail = "admin+dns@${my.domain.shire}"; + serial = 2022091601; # Don't forget to bump the revision! + }; - NS = with my.domain; [ - "ns1.${shire}" - # "ns2.${shire}" - ]; + NS = with my.domain; [ + "ns1.${shire}" + # "ns2.${shire}" + ]; - CAA = letsEncrypt "admin+caa@${my.domain.shire}"; - } - sldIps - extra - ]); - }; + CAA = letsEncrypt "admin+caa@${my.domain.shire}"; + } + sldIps + extra + ]); + }; # https://ariadne.id/ # https://docs.keyoxide.org/service-providers/dns/ - ariadneIdProof.TXT = ["openpgp4fpr:${my.pgp.fingerprint}"]; + ariadneIdProof.TXT = [ "openpgp4fpr:${my.pgp.fingerprint}" ]; in - mkMerge [ - (mkZone rec { - domain = my.domain.shire; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains = rec { - manwe = ips "manwe"; - "*.manwe" = manwe; - varda = ips "varda"; - "*.varda" = varda; - yavanna = ips "yavanna"; - "*.yavanna" = yavanna; - - mta-sts = manwe; - - ns1 = manwe; - # ns2 = varda; - - alertmanager = manwe; - bitwarden = manwe; - git = manwe; - grafana = manwe; - loki = manwe; - ntfy = manwe; - plausible = manwe; - prometheus = manwe; - radicale = manwe; - rss-bridge = manwe; - vaultwarden = manwe; - - flood = yavanna; - jackett = yavanna; - lidarr = yavanna; - }; - } - ]; - }) - (mkZone rec { - domain = my.domain.azahi; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - ariadneIdProof - { - subdomains = { - mta-sts = ips "manwe"; + mkMerge [ + (mkZone rec { + domain = my.domain.shire; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains = rec { + manwe = ips "manwe"; + "*.manwe" = manwe; + varda = ips "varda"; + "*.varda" = varda; + yavanna = ips "yavanna"; + "*.yavanna" = yavanna; + + mta-sts = manwe; + + ns1 = manwe; + # ns2 = varda; + + alertmanager = manwe; + bitwarden = manwe; + git = manwe; + grafana = manwe; + loki = manwe; + ntfy = manwe; + plausible = manwe; + prometheus = manwe; + radicale = manwe; + rss-bridge = manwe; + vaultwarden = manwe; + + flood = yavanna; + jackett = yavanna; + lidarr = yavanna; + }; + } + ]; + }) + (mkZone rec { + domain = my.domain.azahi; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + ariadneIdProof + { + subdomains = { + mta-sts = ips "manwe"; - git = ips "manwe"; - }; - } - ]; - }) - (mkZone rec { - domain = my.domain.gondor; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains = { - mta-sts = ips "manwe"; + git = ips "manwe"; + }; + } + ]; + }) + (mkZone rec { + domain = my.domain.gondor; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains = { + mta-sts = ips "manwe"; - frodo = ips "manwe" // ariadneIdProof; - }; - } - ]; - }) - (mkZone rec { - domain = my.domain.rohan; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains = { - mta-sts = ips "manwe"; + frodo = ips "manwe" // ariadneIdProof; + }; + } + ]; + }) + (mkZone rec { + domain = my.domain.rohan; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains = { + mta-sts = ips "manwe"; - frodo = ips "manwe" // ariadneIdProof; - }; - } - ]; - }) - ]; + frodo = ips "manwe" // ariadneIdProof; + }; + } + ]; + }) + ]; }; fail2ban.jails.nsd.enabled = true; }; networking.firewall = rec { - allowedTCPPorts = [53]; + allowedTCPPorts = [ 53 ]; allowedUDPPorts = allowedTCPPorts; }; }; diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix index 037f84a..5739855 100644 --- a/modules/nixos/ntfy.nix +++ b/modules/nixos/ntfy.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.ntfy; -in { +in +{ options.nixfiles.modules.ntfy = { enable = mkEnableOption "ntfy"; @@ -24,7 +26,9 @@ in { }; prometheus = { - enable = mkEnableOption "Prometheus exporter." // {default = true;}; + enable = mkEnableOption "Prometheus exporter." // { + default = true; + }; address = mkOption { description = "Address."; @@ -41,11 +45,11 @@ in { }; config = mkIf cfg.enable { - ark.files = [config.services.ntfy-sh.settings.auth-file]; + ark.files = [ config.services.ntfy-sh.settings.auth-file ]; nixfiles.modules.nginx = { enable = true; - upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = {}; + upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = { }; virtualHosts.${cfg.domain} = { locations = { "/" = { @@ -67,7 +71,8 @@ in { base-url = "https://${cfg.domain}"; behind-proxy = true; enable-metrics = cfg.prometheus.enable; - metrics-listen-http = with cfg.prometheus; + metrics-listen-http = + with cfg.prometheus; optionalString cfg.prometheus.enable "${address}:${toString port}"; }; }; diff --git a/modules/nixos/nullmailer.nix b/modules/nixos/nullmailer.nix index 193b109..9f7b4ac 100644 --- a/modules/nixos/nullmailer.nix +++ b/modules/nixos/nullmailer.nix @@ -4,9 +4,11 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nullmailer; -in { +in +{ options.nixfiles.modules.nullmailer.enable = mkEnableOption "Nullmailer"; config = mkIf cfg.enable { diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 4324e45..9b82757 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.openssh; -in { +in +{ options.nixfiles.modules.openssh.server = { enable = mkEnableOption "OpenSSH server"; @@ -29,15 +27,12 @@ in { services = { openssh = { enable = true; - ports = [cfg.server.port]; + ports = [ cfg.server.port ]; settings = { ClientAliveCountMax = 3; ClientAliveInterval = 60; KbdInteractiveAuthentication = false; - LogLevel = - if config.nixfiles.modules.fail2ban.enable - then "VERBOSE" - else "ERROR"; + LogLevel = if config.nixfiles.modules.fail2ban.enable then "VERBOSE" else "ERROR"; MaxAuthTries = 3; PasswordAuthentication = false; PermitRootLogin = mkForce "no"; diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 8de54d2..d63e3ab 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix @@ -4,9 +4,11 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.plausible; -in { +in +{ options.nixfiles.modules.plausible = { enable = mkEnableOption "Plausible Analytics"; @@ -23,15 +25,18 @@ in { }; }; - config = let - db = "plausible"; - in + config = + let + db = "plausible"; + in mkIf cfg.enable { _module.args.libPlausible = { - htmlPlausibleScript = { - domain ? "$host", - src ? "https://${cfg.domain}/js/script.js", - }: ''<script defer data-domain="${domain}" src="${src}"></script>''; + htmlPlausibleScript = + { + domain ? "$host", + src ? "https://${cfg.domain}/js/script.js", + }: + ''<script defer data-domain="${domain}" src="${src}"></script>''; }; secrets = { @@ -43,7 +48,7 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain}.locations."/" = { proxyPass = "http://plausible"; proxyWebsockets = true; @@ -62,7 +67,7 @@ in { }; services.postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; diff --git a/modules/nixos/podman.nix b/modules/nixos/podman.nix index 5e369a6..bb4fda5 100644 --- a/modules/nixos/podman.nix +++ b/modules/nixos/podman.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.podman; -in { +in +{ options.nixfiles.modules.podman.enable = mkEnableOption "Podman"; config = mkIf cfg.enable { @@ -29,13 +31,13 @@ in { virtualisation.podman.enable = true; - environment.systemPackages = with pkgs; [podman-compose]; + environment.systemPackages = with pkgs; [ podman-compose ]; - my.extraGroups = ["podman"]; + my.extraGroups = [ "podman" ]; hm.xdg.configFile = { "containers/registries.conf".source = pkgs.writers.writeTOML "containers-registries.toml" { - registries.search.registries = ["docker.io"]; + registries.search.registries = [ "docker.io" ]; }; "containers/storage.conf".source = pkgs.writers.writeTOML "containers-storage.toml" { diff --git a/modules/nixos/postgresql.nix b/modules/nixos/postgresql.nix index 89b24b8..5081340 100644 --- a/modules/nixos/postgresql.nix +++ b/modules/nixos/postgresql.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.postgresql; -in { +in +{ options.nixfiles.modules.postgresql = { enable = mkEnableOption "PostgreSQL"; @@ -19,7 +21,7 @@ in { extraPostStart = mkOption { type = with types; listOf str; - default = []; + default = [ ]; description = '' Additional post-startup commands. @@ -37,7 +39,7 @@ in { } ]; - ark.directories = [config.services.postgresql.dataDir]; + ark.directories = [ config.services.postgresql.dataDir ]; services = { postgresql = { @@ -72,21 +74,25 @@ in { }; }; - systemd.services.postgresql.postStart = optionalString (cfg.extraPostStart != []) concatLines cfg.extraPostStart; + systemd.services.postgresql.postStart = optionalString ( + cfg.extraPostStart != [ ] + ) concatLines cfg.extraPostStart; - environment.sessionVariables.PSQLRC = toString (pkgs.writeText "psqlrc" '' - \set QUIET 1 + environment.sessionVariables.PSQLRC = toString ( + pkgs.writeText "psqlrc" '' + \set QUIET 1 - \timing - \x auto - \pset null '[NULL]' - \set PROMPT1 '%[%033[1m%]%M %n@%/%R%[%033[0m%]% λ ' - \set PROMPT2 ' … > ' - \set VERBOSITY verbose - \set HISTCONTROL ignoredups - \set HISTFILE /dev/null + \timing + \x auto + \pset null '[NULL]' + \set PROMPT1 '%[%033[1m%]%M %n@%/%R%[%033[0m%]% λ ' + \set PROMPT2 ' … > ' + \set VERBOSITY verbose + \set HISTCONTROL ignoredups + \set HISTFILE /dev/null - \unset QUIET - ''); + \unset QUIET + '' + ); }; } diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index 2027758..93c46e3 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.default; -in { +in +{ imports = [ ./dev ./headful.nix @@ -14,7 +16,7 @@ in { ]; config = mkIf cfg.enable { - ark.directories = ["/var/log"]; + ark.directories = [ "/var/log" ]; programs.less = { enable = true; diff --git a/modules/nixos/profiles/dev/containers.nix b/modules/nixos/profiles/dev/containers.nix index 67754c0..d2a7d62 100644 --- a/modules/nixos/profiles/dev/containers.nix +++ b/modules/nixos/profiles/dev/containers.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.dev.containers; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules = { common.shell.aliases.b = "buildah"; @@ -17,10 +19,10 @@ in { home = { sessionVariables.MINIKUBE_HOME = "${config.dirs.config}/minikube"; - packages = with pkgs; [buildah]; + packages = with pkgs; [ buildah ]; }; - xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { + xdg.dataFile."minikube/config/config.json".text = generators.toJSON { } { config.Rootless = true; driver = "podman"; container-runtime = "cri-o"; diff --git a/modules/nixos/profiles/dev/default.nix b/modules/nixos/profiles/dev/default.nix index 5253e95..d2411ea 100644 --- a/modules/nixos/profiles/dev/default.nix +++ b/modules/nixos/profiles/dev/default.nix @@ -4,12 +4,12 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.dev; -in { - imports = [ - ./containers.nix - ]; +in +{ + imports = [ ./containers.nix ]; config = mkIf cfg.enable { hm.home.language = { diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index d8e1699..8206aa8 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.headful; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules = { chromium.enable = true; @@ -77,7 +79,7 @@ in { psd.enable = true; }; - environment.systemPackages = with pkgs; [lm_sensors]; + environment.systemPackages = with pkgs; [ lm_sensors ]; my.extraGroups = [ "audio" diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix index d1fcfa4..f3f3572 100644 --- a/modules/nixos/profiles/headless.nix +++ b/modules/nixos/profiles/headless.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.headless; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules = { openssh.server.enable = true; @@ -33,7 +35,7 @@ in { optimise = { automatic = true; - dates = ["daily"]; + dates = [ "daily" ]; }; }; diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix index 0320e82..9f28cd5 100644 --- a/modules/nixos/prometheus.nix +++ b/modules/nixos/prometheus.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.prometheus; -in { +in +{ options.nixfiles.modules.prometheus = { enable = mkEnableOption "Prometheus"; @@ -26,7 +28,7 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; - upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${domain} = { locations."/".proxyPass = "http://prometheus"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/promtail.nix b/modules/nixos/promtail.nix index 28dc897..65d88d4 100644 --- a/modules/nixos/promtail.nix +++ b/modules/nixos/promtail.nix @@ -4,9 +4,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.promtail; -in { +in +{ options.nixfiles.modules.promtail = { enable = mkEnableOption "Promtail"; @@ -25,7 +27,7 @@ in { filters = mkOption { description = ''Filters to use with "scrape_config.pipeline_stages".''; type = with types; listOf attrs; - default = []; + default = [ ]; }; }; @@ -64,60 +66,63 @@ in { job_name = "journal"; journal.max_age = "24h"; relabel_configs = - map (n: let - label = toLower n; - in { - source_labels = ["__journal_${label}"]; - target_label = - if hasPrefix "_" label - then substring 1 (stringLength label - 1) label - else label; - }) [ - # Derived from systemd.journal fields[1]. - # - # [1]: https://github.com/coreos/go-systemd/blob/main/sdjournal/journal.go#L335 - # [1]: https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html + map + ( + n: + let + label = toLower n; + in + { + source_labels = [ "__journal_${label}" ]; + target_label = if hasPrefix "_" label then substring 1 (stringLength label - 1) label else label; + } + ) + [ + # Derived from systemd.journal fields[1]. + # + # [1]: https://github.com/coreos/go-systemd/blob/main/sdjournal/journal.go#L335 + # [1]: https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html - "MESSAGE" - # "MESSAGE_ID" - "PRIORITY" - # "CODE_FILE" - # "CODE_LINE" - # "CODE_FUNC" - # "ERRNO" - "SYSLOG_FACILITY" - "SYSLOG_IDENTIFIER" - # "SYSLOG_PID" - # "_PID" - # "_UID" - # "_GID" - # "_COMM" - # "_EXE" - "_CMDLINE" - # "_CAP_EFFECTIVE" - # "_AUDIT_SESSION" - # "_AUDIT_LOGINUID" - # "_SYSTEMD_CGROUP" - # "_SYSTEMD_SESSION" - # "_SYSTEMD_UNIT" - # "_SYSTEMD_USER_UNIT" - # "_SYSTEMD_OWNER_UID" - # "_SYSTEMD_SLICE" - # "_SELINUX_CONTEXT" - # "_SOURCE_REALTIME_TIMESTAMP" - # "_BOOT_ID" - # "_MACHINE_ID" - "_HOSTNAME" - # "_TRANSPORT" - # "__CURSOR" - # "__REALTIME_TIMESTAMP" - # "__MONOTONIC_TIMESTAMP" - ] + "MESSAGE" + # "MESSAGE_ID" + "PRIORITY" + # "CODE_FILE" + # "CODE_LINE" + # "CODE_FUNC" + # "ERRNO" + "SYSLOG_FACILITY" + "SYSLOG_IDENTIFIER" + # "SYSLOG_PID" + # "_PID" + # "_UID" + # "_GID" + # "_COMM" + # "_EXE" + "_CMDLINE" + # "_CAP_EFFECTIVE" + # "_AUDIT_SESSION" + # "_AUDIT_LOGINUID" + # "_SYSTEMD_CGROUP" + # "_SYSTEMD_SESSION" + # "_SYSTEMD_UNIT" + # "_SYSTEMD_USER_UNIT" + # "_SYSTEMD_OWNER_UID" + # "_SYSTEMD_SLICE" + # "_SELINUX_CONTEXT" + # "_SOURCE_REALTIME_TIMESTAMP" + # "_BOOT_ID" + # "_MACHINE_ID" + "_HOSTNAME" + # "_TRANSPORT" + # "__CURSOR" + # "__REALTIME_TIMESTAMP" + # "__MONOTONIC_TIMESTAMP" + ] ++ [ { # This is weird. I can't find where is this defined in the # source code but apparently it exists. - source_labels = ["__journal_priority_keyword"]; + source_labels = [ "__journal_priority_keyword" ]; target_label = "level"; } ]; diff --git a/modules/nixos/psd.nix b/modules/nixos/psd.nix index eb5a1a8..f974af2 100644 --- a/modules/nixos/psd.nix +++ b/modules/nixos/psd.nix @@ -4,15 +4,16 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.psd; -in { - options.nixfiles.modules.psd.enable = - mkEnableOption "Profile Sync Daemon"; +in +{ + options.nixfiles.modules.psd.enable = mkEnableOption "Profile Sync Daemon"; config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [profile-sync-daemon]; + home.packages = with pkgs; [ profile-sync-daemon ]; xdg.configFile."psd/psd.conf".text = '' USE_OVERLAYFS="yes" @@ -20,40 +21,42 @@ in { }; systemd.user = { - services = let - exe = getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; - in { - psd = { - unitConfig = { - Description = "Profile-sync-daemon"; - Wants = ["psd-resync.service"]; - RequiresMountsFor = "/home/"; - After = ["local-fs.target"]; - }; - serviceConfig = { - RemainAfterExit = true; - ExecStart = "${exe} startup"; - ExecStop = "${exe} unsync"; + services = + let + exe = getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; + in + { + psd = { + unitConfig = { + Description = "Profile-sync-daemon"; + Wants = [ "psd-resync.service" ]; + RequiresMountsFor = "/home/"; + After = [ "local-fs.target" ]; + }; + serviceConfig = { + RemainAfterExit = true; + ExecStart = "${exe} startup"; + ExecStop = "${exe} unsync"; + }; + wantedBy = [ "graphical.target" ]; }; - wantedBy = ["graphical.target"]; - }; - psd-resync = { - unitConfig = { - Description = "Profile-sync-daemon resync"; - After = ["psd.service"]; - Wants = ["psd-resync.timer"]; - BindsTo = ["psd.service"]; + psd-resync = { + unitConfig = { + Description = "Profile-sync-daemon resync"; + After = [ "psd.service" ]; + Wants = [ "psd-resync.timer" ]; + BindsTo = [ "psd.service" ]; + }; + serviceConfig.ExecStart = "${exe} resync"; + wantedBy = [ "graphical.target" ]; }; - serviceConfig.ExecStart = "${exe} resync"; - wantedBy = ["graphical.target"]; }; - }; timers.psd-resync = { unitConfig = { Description = "Profile-sync-daemon resync timer"; - BindsTo = ["psd.service"]; + BindsTo = [ "psd.service" ]; }; timerConfig.OnUnitActiveSec = "1h"; }; diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix index 72abfac..9e4e13f 100644 --- a/modules/nixos/radarr.nix +++ b/modules/nixos/radarr.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.radarr; -in { +in +{ options.nixfiles.modules.radarr = { enable = mkEnableOption "Radarr"; @@ -18,11 +20,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/radarr"]; + ark.directories = [ "/var/lib/radarr" ]; nixfiles.modules.nginx = { enable = true; - upstreams.radarr.servers."127.0.0.1:7878" = {}; + upstreams.radarr.servers."127.0.0.1:7878" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radarr"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix index 588ed51..59fb4a2 100644 --- a/modules/nixos/radicale.nix +++ b/modules/nixos/radicale.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.radicale; -in { +in +{ options.nixfiles.modules.radicale = { enable = mkEnableOption "Radicale"; @@ -18,11 +20,12 @@ in { }; }; - config = let - port = 5232; - in + config = + let + port = 5232; + in mkIf cfg.enable { - ark.directories = ["/var/lib/radicale"]; + ark.directories = [ "/var/lib/radicale" ]; secrets.radicale-htpasswd = { file = "${inputs.self}/secrets/radicale-htpasswd"; @@ -32,7 +35,7 @@ in { nixfiles.modules.nginx = { enable = true; - upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; + upstreams.radicale.servers."127.0.0.1:${toString port}" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radicale"; extraConfig = libNginx.config.internalOnly; @@ -42,7 +45,7 @@ in { services.radicale = { enable = true; settings = { - server.hosts = ["127.0.0.1:${toString port}"]; + server.hosts = [ "127.0.0.1:${toString port}" ]; web.type = "none"; auth = { type = "htpasswd"; diff --git a/modules/nixos/redis.nix b/modules/nixos/redis.nix index ca25101..e2151c7 100644 --- a/modules/nixos/redis.nix +++ b/modules/nixos/redis.nix @@ -4,13 +4,15 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.redis; -in { +in +{ options.nixfiles.modules.redis.enable = mkEnableOption "Redis"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/redis-default"]; + ark.directories = [ "/var/lib/redis-default" ]; services = { redis = { diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix index 486f2bf..de1d6b6 100644 --- a/modules/nixos/rss-bridge.nix +++ b/modules/nixos/rss-bridge.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.rss-bridge; -in { +in +{ options.nixfiles.modules.rss-bridge = { enable = mkEnableOption "RSS-Bridge"; @@ -18,7 +20,7 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/rss-bridge"]; + ark.directories = [ "/var/lib/rss-bridge" ]; nixfiles.modules.nginx = { enable = true; @@ -28,7 +30,7 @@ in { services.rss-bridge = { enable = true; virtualHost = cfg.domain; - whitelist = ["*"]; + whitelist = [ "*" ]; }; }; } diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix index c39f306..82ef1b2 100644 --- a/modules/nixos/rtorrent.nix +++ b/modules/nixos/rtorrent.nix @@ -5,14 +5,18 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.rtorrent; -in { +in +{ options.nixfiles.modules.rtorrent = { enable = mkEnableOption "rTorrent"; flood = { - enable = mkEnableOption "Flood" // {default = cfg.enable;}; + enable = mkEnableOption "Flood" // { + default = cfg.enable; + }; domain = mkOption { description = "Domain name sans protocol scheme."; @@ -22,202 +26,223 @@ in { }; }; - config = let - user = "rtorrent"; - group = "rtorrent"; - baseDir = "/var/lib/rtorrent"; - rpcSocket = "${baseDir}/rpc.socket"; - in + config = + let + user = "rtorrent"; + group = "rtorrent"; + baseDir = "/var/lib/rtorrent"; + rpcSocket = "${baseDir}/rpc.socket"; + in mkIf cfg.enable (mkMerge [ - (let - port = 50000; - in { - ark.directories = [baseDir]; - - systemd = { - services.rtorrent = { - description = "rTorrent"; - after = ["network.target" "local-fs.target"]; - serviceConfig = let - leechDir = "${baseDir}/leech"; - seedDir = "${baseDir}/seed"; - sessionDir = "${baseDir}/session"; - logDir = "${baseDir}/log"; - configFile = let - moveCompleted = getExe (pkgs.writeShellApplication { - name = "move-completed"; - runtimeInputs = with pkgs; [ - coreutils-full - gnused - findutils + ( + let + port = 50000; + in + { + ark.directories = [ baseDir ]; + + systemd = { + services.rtorrent = { + description = "rTorrent"; + after = [ + "network.target" + "local-fs.target" + ]; + serviceConfig = + let + leechDir = "${baseDir}/leech"; + seedDir = "${baseDir}/seed"; + sessionDir = "${baseDir}/session"; + logDir = "${baseDir}/log"; + configFile = + let + moveCompleted = getExe ( + pkgs.writeShellApplication { + name = "move-completed"; + runtimeInputs = with pkgs; [ + coreutils-full + gnused + findutils + ]; + text = '' + set -x + + leech_path="$1" + seed_path="$2" + # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')" + + mkdir -pv "$seed_path" + mv -fv "$leech_path" "$seed_path" + ''; + } + ); + in + pkgs.writeText "rtorrent.rc" '' + method.insert = cfg.leech, private|const|string, (cat, "${leechDir}") + method.insert = cfg.seed, private|const|string, (cat, "${seedDir}") + method.insert = cfg.session, private|const|string, (cat, "${sessionDir}") + method.insert = cfg.log, private|const|string, (cat, "${logDir}") + method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}") + + directory.default.set = (cat, (cfg.leech)) + session.path.set = (cat, (cfg.session)) + + network.port_range.set = ${toString port}-${toString port} + network.port_random.set = no + + dht.mode.set = disable + protocol.pex.set = no + + trackers.use_udp.set = no + + protocol.encryption.set = allow_incoming,try_outgoing,enable_retry + + pieces.memory.max.set = ${toString (pow 2 11)}M + pieces.preload.type.set = 2 + + network.xmlrpc.size_limit.set = ${toString (pow 2 17)} + + network.max_open_files.set = ${toString (pow 2 10)} + network.max_open_sockets.set = ${toString (pow 2 10)} + + network.http.max_open.set = ${toString (pow 2 8)} + + throttle.global_down.max_rate.set_kb = 0 + throttle.global_up.max_rate.set_kb = 0 + + encoding.add = UTF-8 + system.umask.set = 0027 + system.cwd.set = (directory.default) + + network.scgi.open_local = (cat, (cfg.rpcsocket)) + + method.insert = d.move_completed, simple, "\ + d.directory.set=$argument.1=;\ + execute=${moveCompleted}, $argument.0=, $argument.1=;\ + d.save_full_session=\ + " + method.insert = d.leech_path, simple, "\ + if=(d.is_multi_file),\ + (cat, (d.directory), /),\ + (cat, (d.directory), /, (d.name))\ + " + method.insert = d.seed_path, simple, "\ + cat=$cfg.seed=, /, $d.custom1=\ + " + method.set_key = event.download.finished, move_complete, "\ + d.move_completed=$d.leech_path=, $d.seed_path=\ + " + + log.open_file = "log", (cat, (cfg.log), "/", "default.log") + log.add_output = "info", "log" + log.execute = (cat, (cfg.log), "/", "execute.log") + ''; + in + { + Restart = "on-failure"; + RestartSec = 3; + + KillMode = "process"; + KillSignal = "SIGHUP"; + + User = user; + Group = group; + + ExecStartPre = concatStringsSep " " [ + "${pkgs.coreutils-full}/bin/mkdir -p" + leechDir + seedDir + sessionDir + logDir + ]; + ExecStart = concatStringsSep " " [ + (getExe pkgs.rtorrent) + "-n" + "-o system.daemon.set=true" + "-o network.bind_address.set=0.0.0.0" + "-o import=${configFile}" + ]; + ExecStop = concatStringsSep " " [ + "${pkgs.coreutils-full}/bin/rm -rf" + rpcSocket ]; - text = '' - set -x - - leech_path="$1" - seed_path="$2" - # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')" - - mkdir -pv "$seed_path" - mv -fv "$leech_path" "$seed_path" - ''; - }); - in - pkgs.writeText "rtorrent.rc" '' - method.insert = cfg.leech, private|const|string, (cat, "${leechDir}") - method.insert = cfg.seed, private|const|string, (cat, "${seedDir}") - method.insert = cfg.session, private|const|string, (cat, "${sessionDir}") - method.insert = cfg.log, private|const|string, (cat, "${logDir}") - method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}") - - directory.default.set = (cat, (cfg.leech)) - session.path.set = (cat, (cfg.session)) - - network.port_range.set = ${toString port}-${toString port} - network.port_random.set = no - - dht.mode.set = disable - protocol.pex.set = no - - trackers.use_udp.set = no - - protocol.encryption.set = allow_incoming,try_outgoing,enable_retry - - pieces.memory.max.set = ${toString (pow 2 11)}M - pieces.preload.type.set = 2 - - network.xmlrpc.size_limit.set = ${toString (pow 2 17)} - - network.max_open_files.set = ${toString (pow 2 10)} - network.max_open_sockets.set = ${toString (pow 2 10)} - - network.http.max_open.set = ${toString (pow 2 8)} - - throttle.global_down.max_rate.set_kb = 0 - throttle.global_up.max_rate.set_kb = 0 - - encoding.add = UTF-8 - system.umask.set = 0027 - system.cwd.set = (directory.default) - - network.scgi.open_local = (cat, (cfg.rpcsocket)) - - method.insert = d.move_completed, simple, "\ - d.directory.set=$argument.1=;\ - execute=${moveCompleted}, $argument.0=, $argument.1=;\ - d.save_full_session=\ - " - method.insert = d.leech_path, simple, "\ - if=(d.is_multi_file),\ - (cat, (d.directory), /),\ - (cat, (d.directory), /, (d.name))\ - " - method.insert = d.seed_path, simple, "\ - cat=$cfg.seed=, /, $d.custom1=\ - " - method.set_key = event.download.finished, move_complete, "\ - d.move_completed=$d.leech_path=, $d.seed_path=\ - " - - log.open_file = "log", (cat, (cfg.log), "/", "default.log") - log.add_output = "info", "log" - log.execute = (cat, (cfg.log), "/", "execute.log") - ''; - in { - Restart = "on-failure"; - RestartSec = 3; - - KillMode = "process"; - KillSignal = "SIGHUP"; - User = user; - Group = group; + RuntimeDirectory = "rtorrent"; + RuntimeDirectoryMode = 750; + UMask = 27; + AmbientCapabilities = [ "" ]; + CapabilityBoundingSet = [ "" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProcSubset = "pid"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@resources" + "~@privileged" + ]; + }; + wantedBy = [ "multi-user.target" ]; + }; - ExecStartPre = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/mkdir -p" - leechDir - seedDir - sessionDir - logDir - ]; - ExecStart = concatStringsSep " " [ - (getExe pkgs.rtorrent) - "-n" - "-o system.daemon.set=true" - "-o network.bind_address.set=0.0.0.0" - "-o import=${configFile}" - ]; - ExecStop = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/rm -rf" - rpcSocket - ]; + tmpfiles.rules = [ "d '${baseDir}' 0750 ${user} ${group} -" ]; + }; - RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 0750; - UMask = 0027; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProcSubset = "pid"; - RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@resources" "~@privileged"]; + users = { + users.${user} = { + inherit group; + shell = pkgs.bashInteractive; + home = baseDir; + description = "rTorrent"; + isSystemUser = true; }; - wantedBy = ["multi-user.target"]; + groups.${group} = { }; }; - - tmpfiles.rules = ["d '${baseDir}' 0750 ${user} ${group} -"]; - }; - - users = { - users.${user} = { - inherit group; - shell = pkgs.bashInteractive; - home = baseDir; - description = "rTorrent"; - isSystemUser = true; + my.extraGroups = [ group ]; + + networking.firewall.allowedTCPPorts = [ port ]; + + boot.kernel.sysctl = { + "net.core.rmem_max" = mkOverride 500 (pow 2 24); + "net.core.wmem_max" = mkOverride 500 (pow 2 24); + "net.ipv4.tcp_fin_timeout" = mkOverride 500 30; + "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24); + "net.ipv4.tcp_slow_start_after_idle" = 0; + "net.ipv4.tcp_tw_recycle" = mkOverride 500 1; + "net.ipv4.tcp_tw_reuse" = mkOverride 500 1; + "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24); }; - groups.${group} = {}; - }; - my.extraGroups = [group]; - - networking.firewall.allowedTCPPorts = [port]; - - boot.kernel.sysctl = { - "net.core.rmem_max" = mkOverride 500 (pow 2 24); - "net.core.wmem_max" = mkOverride 500 (pow 2 24); - "net.ipv4.tcp_fin_timeout" = mkOverride 500 30; - "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24); - "net.ipv4.tcp_slow_start_after_idle" = 0; - "net.ipv4.tcp_tw_recycle" = mkOverride 500 1; - "net.ipv4.tcp_tw_reuse" = mkOverride 500 1; - "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24); - }; - }) - (let - port = 50001; - pkg = pkgs.nodePackages.flood; - in + } + ) + ( + let + port = 50001; + pkg = pkgs.nodePackages.flood; + in mkIf cfg.flood.enable { nixfiles.modules.nginx = { enable = true; - upstreams.flood.servers."127.0.0.1:${toString port}" = {}; + upstreams.flood.servers."127.0.0.1:${toString port}" = { }; virtualHosts.${cfg.flood.domain} = { root = "${pkg}/lib/node_modules/flood/dist/assets"; locations = { @@ -233,8 +258,11 @@ in { systemd.services.flood = { description = "Flood"; - after = ["network.target" "rtorrent.service"]; - path = with pkgs; [mediainfo]; + after = [ + "network.target" + "rtorrent.service" + ]; + path = with pkgs; [ mediainfo ]; serviceConfig = { Restart = "on-failure"; RestartSec = 3; @@ -255,10 +283,10 @@ in { ]; RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 0750; - UMask = 0027; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; + RuntimeDirectoryMode = 750; + UMask = 27; + AmbientCapabilities = [ "" ]; + CapabilityBoundingSet = [ "" ]; LockPersonality = true; NoNewPrivileges = true; PrivateDevices = true; @@ -274,7 +302,11 @@ in { ProcSubset = "pid"; ProtectProc = "invisible"; RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; @@ -288,8 +320,9 @@ in { "~@resources" ]; }; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; }; - }) + } + ) ]); } diff --git a/modules/nixos/searx.nix b/modules/nixos/searx.nix index 5c37f58..de51a20 100644 --- a/modules/nixos/searx.nix +++ b/modules/nixos/searx.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.searx; -in { +in +{ options.nixfiles.modules.searx = { enable = mkEnableOption "SearX"; @@ -33,7 +35,7 @@ in { nixfiles.modules.nginx = { enable = true; - upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://searx"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix index 69688da..670faec 100644 --- a/modules/nixos/shadowsocks.nix +++ b/modules/nixos/shadowsocks.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.shadowsocks; -in { +in +{ options.nixfiles.modules.shadowsocks = { enable = mkEnableOption "Shadowsocks"; @@ -31,61 +33,65 @@ in { systemd.services.shadowsocks = { description = "Shadowsocks"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { DynamicUser = true; RuntimeDirectory = "shadowsocks"; LoadCredential = "secret.json:${config.secrets.shadowsocks-json.path}"; - ExecStartPre = let - mergeJson = let - configFile = pkgs.writeText "config.json" (generators.toJSON {} { - server = "::"; - server_port = cfg.port; - # Can't really use AEAD-2022[1] just yet because it's not - # supported by some[2] clients. - # - # [1]: https://shadowsocks.org/doc/sip022.html - # [2]: https://github.com/shadowsocks/ShadowsocksX-NG/issues/1480 - # [2]: https://github.com/shadowsocks/shadowsocks-windows/issues/3448 - # method = "2022-blake3-chacha20-poly1305"; - method = "chacha20-ietf-poly1305"; - password = null; # Must be set as a secret. - users = null; # Muse be set as a secret. - fast_open = true; - acl = pkgs.writeText "block-internal-access.acl" '' - [outbound_block_list] - 0.0.0.0/8 - 10.0.0.0/8 - 100.64.0.0/10 - 127.0.0.0/8 - 169.254.0.0/16 - 172.16.0.0/12 - 192.0.0.0/24 - 192.0.2.0/24 - 192.88.99.0/24 - 192.168.0.0/16 - 198.18.0.0/15 - 198.51.100.0/24 - 203.0.113.0/24 - 224.0.0.0/4 - 240.0.0.0/4 - 255.255.255.255/32 - ::1/128 - ::ffff:127.0.0.1/104 - fc00::/7 - fe80::/10 + ExecStartPre = + let + mergeJson = + let + configFile = pkgs.writeText "config.json" ( + generators.toJSON { } { + server = "::"; + server_port = cfg.port; + # Can't really use AEAD-2022[1] just yet because it's not + # supported by some[2] clients. + # + # [1]: https://shadowsocks.org/doc/sip022.html + # [2]: https://github.com/shadowsocks/ShadowsocksX-NG/issues/1480 + # [2]: https://github.com/shadowsocks/shadowsocks-windows/issues/3448 + # method = "2022-blake3-chacha20-poly1305"; + method = "chacha20-ietf-poly1305"; + password = null; # Must be set as a secret. + users = null; # Muse be set as a secret. + fast_open = true; + acl = pkgs.writeText "block-internal-access.acl" '' + [outbound_block_list] + 0.0.0.0/8 + 10.0.0.0/8 + 100.64.0.0/10 + 127.0.0.0/8 + 169.254.0.0/16 + 172.16.0.0/12 + 192.0.0.0/24 + 192.0.2.0/24 + 192.88.99.0/24 + 192.168.0.0/16 + 198.18.0.0/15 + 198.51.100.0/24 + 203.0.113.0/24 + 224.0.0.0/4 + 240.0.0.0/4 + 255.255.255.255/32 + ::1/128 + ::ffff:127.0.0.1/104 + fc00::/7 + fe80::/10 + ''; + } + ); + in + pkgs.writeShellScript "meregeJson" '' + ${getExe pkgs.jq} \ + -s '.[0] * .[1]' \ + ${configFile} \ + $CREDENTIALS_DIRECTORY/secret.json \ + >$RUNTIME_DIRECTORY/config.json ''; - }); in - pkgs.writeShellScript "meregeJson" '' - ${getExe pkgs.jq} \ - -s '.[0] * .[1]' \ - ${configFile} \ - $CREDENTIALS_DIRECTORY/secret.json \ - >$RUNTIME_DIRECTORY/config.json - ''; - in mergeJson; ExecStart = "${pkgs.shadowsocks-rust}/bin/ssserver --config \${RUNTIME_DIRECTORY}/config.json"; }; @@ -100,7 +106,7 @@ in { ''; }; - networking.firewall.allowedTCPPorts = [cfg.port]; + networking.firewall.allowedTCPPorts = [ cfg.port ]; # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks boot.kernel.sysctl = { diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix index 71dff86..f8212b5 100644 --- a/modules/nixos/soju.nix +++ b/modules/nixos/soju.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.soju; -in { +in +{ options.nixfiles.modules.soju = { enable = mkEnableOption "soju"; @@ -30,7 +32,9 @@ in { }; prometheus = { - enable = mkEnableOption "Prometheus exporter" // {default = true;}; + enable = mkEnableOption "Prometheus exporter" // { + default = true; + }; port = mkOption { description = "Port."; @@ -40,9 +44,10 @@ in { }; }; - config = let - db = "soju"; - in + config = + let + db = "soju"; + in mkIf cfg.enable { nixfiles.modules = { acme.enable = true; @@ -58,7 +63,7 @@ in { }; services.postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; @@ -69,41 +74,41 @@ in { systemd.services.soju = { description = "soju IRC bouncer"; - wantedBy = ["multi-user.target"]; - wants = ["network-online.target"]; - requires = ["postgresql.service"]; - after = ["network-online.target" "postgresql.service"]; + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + requires = [ "postgresql.service" ]; + after = [ + "network-online.target" + "postgresql.service" + ]; serviceConfig = { - ExecStart = let - # https://soju.im/doc/soju.1.html - configFile = pkgs.writeText "soju.conf" '' - listen ircs://${cfg.address}:${toString cfg.port} - tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} - ${ - with cfg.prometheus; - optionalString enable - "listen http+prometheus://localhost:${toString port}" - } - db postgres ${ - concatStringsSep " " [ - "host=/run/postgresql" - "user=${db}" - "dbname=${db}" - "sslmode=disable" - ] - } - hostname ${cfg.domain} - title ${cfg.domain} - ''; - in + ExecStart = + let + # https://soju.im/doc/soju.1.html + configFile = pkgs.writeText "soju.conf" '' + listen ircs://${cfg.address}:${toString cfg.port} + tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} + ${with cfg.prometheus; optionalString enable "listen http+prometheus://localhost:${toString port}"} + db postgres ${ + concatStringsSep " " [ + "host=/run/postgresql" + "user=${db}" + "dbname=${db}" + "sslmode=disable" + ] + } + hostname ${cfg.domain} + title ${cfg.domain} + ''; + in concatStringsSep " " [ (getExe' pkgs.soju "soju") "-config ${configFile}" ]; DynamicUser = true; - SupplementaryGroups = [config.services.nginx.group]; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; + SupplementaryGroups = [ config.services.nginx.group ]; + AmbientCapabilities = [ "" ]; + CapabilityBoundingSet = [ "" ]; UMask = "0077"; LockPersonality = true; MemoryDenyWriteExecute = true; @@ -122,12 +127,19 @@ in { ProtectProc = "invisible"; ProcSubset = "pid"; RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@privileged"]; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; }; }; }; diff --git a/modules/nixos/solaar.nix b/modules/nixos/solaar.nix index ccfff4a..17a04de 100644 --- a/modules/nixos/solaar.nix +++ b/modules/nixos/solaar.nix @@ -4,49 +4,59 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.solaar; -in { +in +{ options.nixfiles.modules.solaar = { enable = mkEnableOption "Solaar"; }; config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [solaar]; + home.packages = with pkgs; [ solaar ]; systemd.user.services.solaar = { Unit = { Description = "Device manager for Logitech devices"; - After = ["graphical-session-pre.target"]; - PartOf = ["graphical-session.target"]; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; }; Service = { # The dirtiest hack I've ever implemented... I should be ashamed of # it. Regardless, that shit still doesn't work because each reconnect, # /dev/hidraw* is recreated and has default permissions which breaks # Solaar. Fuck this shit. - ExecStartPre = getExe (pkgs.writeShellApplication { - name = "solaar-pre"; - text = '' - for i in /dev/hidraw*; do - if [ -c "$i" ]; then - sudo chown root:input "$i" - sudo chmod 0660 "$i" - fi - done - ''; - }); + ExecStartPre = getExe ( + pkgs.writeShellApplication { + name = "solaar-pre"; + text = '' + for i in /dev/hidraw*; do + if [ -c "$i" ]; then + sudo chown root:input "$i" + sudo chmod 0660 "$i" + fi + done + ''; + } + ); ExecStart = "${getExe pkgs.solaar "solaar"} --window=hide"; }; - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; }; }; - boot.kernelModules = ["hid_logitech_dj" "hid_logitech_hidpp"]; + boot.kernelModules = [ + "hid_logitech_dj" + "hid_logitech_hidpp" + ]; hardware.uinput.enable = true; - my.extraGroups = ["uinput" "input"]; + my.extraGroups = [ + "uinput" + "input" + ]; }; } diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix index 5cd8931..b11dda0 100644 --- a/modules/nixos/sonarr.nix +++ b/modules/nixos/sonarr.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.sonarr; -in { +in +{ options.nixfiles.modules.sonarr = { enable = mkEnableOption "Sonarr"; @@ -18,11 +20,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/sonarr"]; + ark.directories = [ "/var/lib/sonarr" ]; nixfiles.modules.nginx = { enable = true; - upstreams.sonarr.servers."127.0.0.1:8989" = {}; + upstreams.sonarr.servers."127.0.0.1:8989" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://sonarr"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/sound.nix b/modules/nixos/sound.nix index 073d59c..ff90dfc 100644 --- a/modules/nixos/sound.nix +++ b/modules/nixos/sound.nix @@ -1,13 +1,10 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.sound; -in { - options.nixfiles.modules.sound.enable = - mkEnableOption "sound support"; +in +{ + options.nixfiles.modules.sound.enable = mkEnableOption "sound support"; config = mkIf cfg.enable { services.pipewire = { diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix index ecc983f..74d4afe 100644 --- a/modules/nixos/syncthing.nix +++ b/modules/nixos/syncthing.nix @@ -6,9 +6,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.syncthing; -in { +in +{ options.nixfiles.modules.syncthing = { enable = mkEnableOption "Syncthing"; @@ -74,7 +76,8 @@ in { insecureSkipHostcheck = this.isHeadless; }; - devices = mapAttrs (name: attr: + devices = mapAttrs ( + name: attr: mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { inherit (attr.syncthing) id; compression = "metadata"; @@ -82,30 +85,33 @@ in { address = "tcp://${name}.${config.networking.domain}:22000"; autoAcceptFolders = true; untrusted = false; - }) - my.configurations; - - folders = let - filterDevices = f: - attrNames (filterAttrs (_: attr: - (attr.hostname != this.hostname) - && (attr.syncthing.id != null) - && f attr) - my.configurations); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanoutDays = "7"; - }; - in - with config.hm.xdg.userDirs; { + } + ) my.configurations; + + folders = + let + filterDevices = + f: + attrNames ( + filterAttrs ( + _: attr: (attr.hostname != this.hostname) && (attr.syncthing.id != null) && f attr + ) my.configurations + ); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; + }; + trashcan = { + type = "trashcan"; + params.cleanoutDays = "7"; + }; + in + with config.hm.xdg.userDirs; + { share = { path = publicShare; devices = notHeadless; @@ -145,7 +151,7 @@ in { (mkIf this.isHeadless { nixfiles.modules.nginx = { enable = true; - upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://syncthing"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/throttled.nix b/modules/nixos/throttled.nix index eca803b..7d37cd4 100644 --- a/modules/nixos/throttled.nix +++ b/modules/nixos/throttled.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.throttled; -in { +in +{ options.nixfiles.modules.throttled.enable = mkEnableOption "Throttled"; config = mkIf cfg.enable { diff --git a/modules/nixos/thunderbird.nix b/modules/nixos/thunderbird.nix index 29ea9c9..74af3b5 100644 --- a/modules/nixos/thunderbird.nix +++ b/modules/nixos/thunderbird.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.thunderbird; -in { +in +{ options.nixfiles.modules.thunderbird.enable = mkEnableOption "Thunderbird"; config = mkIf cfg.enable { @@ -20,7 +18,8 @@ in { isDefault = true; withExternalGnupg = true; # https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/user.js - settings = with config.colors.withHashtag; + settings = + with config.colors.withHashtag; config.hm.programs.firefox.profiles.default.settings // { "app.donation.eoy.version.viewed" = 999; diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 5aaf104..e71d48c 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.unbound; -in { +in +{ options.nixfiles.modules.unbound = { enable = mkEnableOption "Unbound"; @@ -18,11 +20,12 @@ in { }; }; - config = let - adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; - in + config = + let + adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; + in mkIf cfg.enable { - ark.directories = [config.services.unbound.stateDir]; + ark.directories = [ config.services.unbound.stateDir ]; nixfiles.modules.redis.enable = true; @@ -45,40 +48,51 @@ in { ipv6.address ]; - local-zone = - concatLists - (mapAttrsToList (h: _: ["\"${h}.${cfg.domain}\" redirect"]) - my.configurations); - local-data = concatLists (mapAttrsToList (hostname: let - domain = "${hostname}.${cfg.domain}"; - in - attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; - [ - "\"${domain} 604800 IN A ${ipv4.address}\"" - "\"${domain} 604800 IN AAAA ${ipv6.address}\"" - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ] - ++ concatMap (domain: [ - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ]) - attr.domains))) - my.configurations); - local-data-ptr = concatLists (mapAttrsToList (hostname: let - domain = "${hostname}.${cfg.domain}"; - in - attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; - [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ] - ++ concatMap (domain: [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ]) - attr.domains))) - my.configurations); + local-zone = concatLists ( + mapAttrsToList (h: _: [ "\"${h}.${cfg.domain}\" redirect" ]) my.configurations + ); + local-data = concatLists ( + mapAttrsToList ( + hostname: + let + domain = "${hostname}.${cfg.domain}"; + in + attr: + (optionals (hasAttr "wireguard" attr) ( + with attr.wireguard; + [ + "\"${domain} 604800 IN A ${ipv4.address}\"" + "\"${domain} 604800 IN AAAA ${ipv6.address}\"" + "\"${domain}. A ${ipv4.address}\"" + "\"${domain}. AAAA ${ipv6.address}\"" + ] + ++ concatMap (domain: [ + "\"${domain}. A ${ipv4.address}\"" + "\"${domain}. AAAA ${ipv6.address}\"" + ]) attr.domains + )) + ) my.configurations + ); + local-data-ptr = concatLists ( + mapAttrsToList ( + hostname: + let + domain = "${hostname}.${cfg.domain}"; + in + attr: + (optionals (hasAttr "wireguard" attr) ( + with attr.wireguard; + [ + "\"${ipv4.address} ${domain}\"" + "\"${ipv6.address} ${domain}\"" + ] + ++ concatMap (domain: [ + "\"${ipv4.address} ${domain}\"" + "\"${ipv6.address} ${domain}\"" + ]) attr.domains + )) + ) my.configurations + ); private-domain = map (domain: "${domain}.") [ cfg.domain @@ -124,9 +138,19 @@ in { { name = "."; forward-tls-upstream = true; - forward-addr = let - mkDnsOverTls = ips: auth: map (ip: concatStrings [ip "@" auth]) ips; - in + forward-addr = + let + mkDnsOverTls = + ips: auth: + map ( + ip: + concatStrings [ + ip + "@" + auth + ] + ) ips; + in mkDnsOverTls dns.const.quad9.default "853#dns.quad9.net"; } ]; @@ -154,40 +178,45 @@ in { systemd = { services = { - unbound.after = ["unbound-adblock-update.service"]; + unbound.after = [ "unbound-adblock-update.service" ]; unbound-adblock-update = { serviceConfig = with config.services.unbound; { Type = "oneshot"; User = user; Group = group; - ExecStart = getExe (pkgs.writeShellApplication { - name = "unbound-adblock-update"; - runtimeInputs = [pkgs.curl package]; - text = '' - curl \ - -s \ - -o ${adblock-conf} \ - "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf" - - if [[ -f "${localControlSocketPath}" ]]; then - unbound-control reload - fi - ''; - }); + ExecStart = getExe ( + pkgs.writeShellApplication { + name = "unbound-adblock-update"; + runtimeInputs = [ + pkgs.curl + package + ]; + text = '' + curl \ + -s \ + -o ${adblock-conf} \ + "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf" + + if [[ -f "${localControlSocketPath}" ]]; then + unbound-control reload + fi + ''; + } + ); }; }; }; timers.unbound-adblock-update = { - requires = ["network-online.target"]; - after = ["network-online.target"]; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; timerConfig = { OnCalendar = "daily"; Persistent = true; Unit = "unbound-adblock-update.service"; }; - wantedBy = ["timers.target"]; + wantedBy = [ "timers.target" ]; }; }; diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix index 53a3f81..2cacb6c 100644 --- a/modules/nixos/vaultwarden.nix +++ b/modules/nixos/vaultwarden.nix @@ -4,9 +4,11 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.vaultwarden; -in { +in +{ options.nixfiles.modules.vaultwarden = { enable = mkEnableOption "Vaultwarden"; @@ -17,11 +19,12 @@ in { }; }; - config = let - db = "vaultwarden"; - in + config = + let + db = "vaultwarden"; + in mkIf cfg.enable { - ark.directories = ["/var/lib/bitwarden_rs"]; + ark.directories = [ "/var/lib/bitwarden_rs" ]; secrets.vaultwarden-environment = { file = "${inputs.self}/secrets/vaultwarden-environment"; @@ -33,8 +36,8 @@ in { nginx = { enable = true; upstreams = with config.services.vaultwarden.config; { - vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {}; - vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {}; + vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = { }; + vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = { }; }; virtualHosts.${cfg.domain}.locations = { "/" = { @@ -95,7 +98,7 @@ in { }; postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; @@ -123,14 +126,14 @@ in { }; environment.etc = { - "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} { + "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI { } { Definition = { failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"; ignoreregex = ""; journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; }; }; - "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} { + "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI { } { Definition = { failregex = "^.*Invalid admin token\. IP: <ADDR>.*$"; ignoreregex = ""; diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix index 6b037b9..88dff1b 100644 --- a/modules/nixos/victoriametrics.nix +++ b/modules/nixos/victoriametrics.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.prometheus; -in { +in +{ options.nixfiles.modules.prometheus = { enable = mkEnableOption "VictoriaMetrics"; @@ -26,7 +28,7 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; - upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${domain} = { locations."/".proxyPass = "http://victoriametrics"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/vim/default.nix b/modules/nixos/vim/default.nix index 2fdf064..5d62e35 100644 --- a/modules/nixos/vim/default.nix +++ b/modules/nixos/vim/default.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.vim; -in { +in +{ config = mkIf cfg.enable { programs.vim.package = (pkgs.vim-full.override { @@ -23,13 +25,13 @@ in { rubySupport = false; tclSupport = false; ximSupport = false; - }) - .customize { - name = "vim"; - vimrcConfig = with cfg; { - customRC = rc; - packages.myVimPackage.start = plugins; + }).customize + { + name = "vim"; + vimrcConfig = with cfg; { + customRC = rc; + packages.myVimPackage.start = plugins; + }; }; - }; }; } diff --git a/modules/nixos/wayland.nix b/modules/nixos/wayland.nix index b64ab32..e3dba79 100644 --- a/modules/nixos/wayland.nix +++ b/modules/nixos/wayland.nix @@ -4,12 +4,16 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.wayland; -in { +in +{ options.nixfiles.modules.wayland.enable = mkEnableOption "Wayland"; config = mkIf cfg.enable { - hm.home.packages = with pkgs; [wl-clipboard]; + nixfiles.modules.foot.enable = true; + + hm.home.packages = with pkgs; [ wl-clipboard ]; }; } diff --git a/modules/nixos/wireguard.nix b/modules/nixos/wireguard.nix index d05c6ae..f645a90 100644 --- a/modules/nixos/wireguard.nix +++ b/modules/nixos/wireguard.nix @@ -6,9 +6,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.wireguard; -in { +in +{ options.nixfiles.modules.wireguard = { client = { enable = mkEnableOption "WireGuard client"; @@ -56,16 +58,20 @@ in { peers = mkOption { description = "List of peers."; type = with types; listOf attrs; - default = mapAttrsToList (_: attr: - with attr; { - inherit (wireguard) publicKey; - allowedIPs = with wireguard; [ - "${ipv4.address}/32" - "${ipv6.address}/128" - ]; - }) (filterAttrs (_: attr: - attr.hostname != this.hostname && hasAttr "wireguard" attr) - my.configurations); + default = + mapAttrsToList + ( + _: attr: with attr; { + inherit (wireguard) publicKey; + allowedIPs = with wireguard; [ + "${ipv4.address}/32" + "${ipv6.address}/128" + ]; + } + ) + ( + filterAttrs (_: attr: attr.hostname != this.hostname && hasAttr "wireguard" attr) my.configurations + ); }; }; @@ -105,13 +111,16 @@ in { (mkIf (cfg.client.enable || cfg.server.enable) { secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; - networking.firewall.trustedInterfaces = [cfg.interface]; + networking.firewall.trustedInterfaces = [ cfg.interface ]; }) (mkIf cfg.client.enable { networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ (with this.wireguard; { privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - address = ["${ipv4.address}/16" "${ipv6.address}/16"]; + address = [ + "${ipv4.address}/16" + "${ipv6.address}/16" + ]; }) (with cfg.server; { peers = [ @@ -119,15 +128,16 @@ in { inherit publicKey; endpoint = "${address}:${toString port}"; allowedIPs = - if cfg.client.enableTrafficRouting - then [ - "0.0.0.0/0" - "::/0" - ] - else [ - cfg.ipv4.subnet - cfg.ipv6.subnet - ]; + if cfg.client.enableTrafficRouting then + [ + "0.0.0.0/0" + "::/0" + ] + else + [ + cfg.ipv4.subnet + cfg.ipv6.subnet + ]; persistentKeepalive = 25; } ]; @@ -141,7 +151,11 @@ in { environment.systemPackages = with pkgs; [ (writeShellApplication { name = "wg-toggle"; - runtimeInputs = [iproute2 jq wireguard-tools]; + runtimeInputs = [ + iproute2 + jq + wireguard-tools + ]; text = '' ip46() { sudo ip -4 "$@" @@ -166,7 +180,10 @@ in { enable = true; interfaces.${cfg.interface} = with cfg.server; { privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - ips = ["${ipv4.address}/16" "${ipv6.address}/16"]; + ips = [ + "${ipv4.address}/16" + "${ipv6.address}/16" + ]; listenPort = port; inherit peers; allowedIPsAsRoutes = false; @@ -179,12 +196,12 @@ in { externalInterface = mkDefault "eth0"; - internalInterfaces = [cfg.interface]; - internalIPs = [cfg.ipv4.subnet]; - internalIPv6s = [cfg.ipv6.subnet]; + internalInterfaces = [ cfg.interface ]; + internalIPs = [ cfg.ipv4.subnet ]; + internalIPv6s = [ cfg.ipv6.subnet ]; }; - firewall.allowedUDPPorts = [cfg.server.port]; + firewall.allowedUDPPorts = [ cfg.server.port ]; }; services.prometheus.exporters.wireguard = { diff --git a/modules/nixos/x11.nix b/modules/nixos/x11.nix index 52420db..55ba0b5 100644 --- a/modules/nixos/x11.nix +++ b/modules/nixos/x11.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.x11; -in { +in +{ options.nixfiles.modules.x11.enable = mkEnableOption "X11"; config = mkIf cfg.enable { @@ -19,7 +21,7 @@ in { XCOMPOSECACHE = "${config.dirs.cache}/libx11/compose"; }; - packages = with pkgs; [xclip]; + packages = with pkgs; [ xclip ]; }; xresources.properties = { @@ -34,21 +36,23 @@ in { services.xsettingsd = { enable = true; # https://codeberg.org/derat/xsettingsd#settings - settings = let - xprop = config.hm.xresources.properties; - in { - "Net/CursorBlink" = 1; - "Net/CursorBlinkTime" = 1200; - "Net/DndDragThreshold" = 0; - "Net/DoubleClickDistance" = 5; - "Net/DoubleClickTime" = 250; - "Net/EnableEventSounds" = 1; - "Net/EnableInputFeedbackSounds" = 1; - "Xft/Antialias" = xprop."Xft.antialias"; - "Xft/HintStyle" = xprop."Xft.hintstyle"; - "Xft/Hinting" = xprop."Xft.hinting"; - "Xft/RGBA" = xprop."Xft.rgba"; - }; + settings = + let + xprop = config.hm.xresources.properties; + in + { + "Net/CursorBlink" = 1; + "Net/CursorBlinkTime" = 1200; + "Net/DndDragThreshold" = 0; + "Net/DoubleClickDistance" = 5; + "Net/DoubleClickTime" = 250; + "Net/EnableEventSounds" = 1; + "Net/EnableInputFeedbackSounds" = 1; + "Xft/Antialias" = xprop."Xft.antialias"; + "Xft/HintStyle" = xprop."Xft.hintstyle"; + "Xft/Hinting" = xprop."Xft.hinting"; + "Xft/RGBA" = xprop."Xft.rgba"; + }; }; }; diff --git a/modules/nixos/xmonad.nix b/modules/nixos/xmonad.nix index b4eb4a0..7b49f52 100644 --- a/modules/nixos/xmonad.nix +++ b/modules/nixos/xmonad.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.xmonad; -in { +in +{ options.nixfiles.modules.xmonad.enable = mkEnableOption "XMonad"; config = mkIf cfg.enable { @@ -24,6 +26,6 @@ in { services.xserver.displayManager.startx.enable = true; - nixpkgs.overlays = [inputs.xmonad-ng.overlays.default]; + nixpkgs.overlays = [ inputs.xmonad-ng.overlays.default ]; }; } diff --git a/modules/nixos/zathura.nix b/modules/nixos/zathura.nix index e7d1415..95039a5 100644 --- a/modules/nixos/zathura.nix +++ b/modules/nixos/zathura.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.zathura; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications."org.pwmt.zathura" = [ "application/pdf" |