author | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
commit | 9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch) | |
tree | f28beec29deeea36038615a8fb98a810891940b5 /modules | |
parent | 2024-03-19 (diff) |
2024-03-31
Diffstat (limited to '')
151 files changed, 4172 insertions, 3644 deletions
diff --git a/modules/common/alacritty.nix b/modules/common/alacritty.nix index 892516b..704ce79 100644 --- a/modules/common/alacritty.nix +++ b/modules/common/alacritty.nix @@ -1,13 +1,10 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.alacritty; -in { - options.nixfiles.modules.alacritty.enable = - mkEnableOption "Alacritty terminal emulator"; +in +{ + options.nixfiles.modules.alacritty.enable = mkEnableOption "Alacritty terminal emulator"; config = mkIf cfg.enable { hm.programs.alacritty = { diff --git a/modules/common/aria2.nix b/modules/common/aria2.nix index 449d96c..cdf1c4f 100644 --- a/modules/common/aria2.nix +++ b/modules/common/aria2.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.aria2; -in { +in +{ options.nixfiles.modules.aria2.enable = mkEnableOption "aria2"; config = mkIf cfg.enable { diff --git a/modules/common/bat.nix b/modules/common/bat.nix index 89444d9..a95d67d 100644 --- a/modules/common/bat.nix +++ b/modules/common/bat.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.bat; -in { +in +{ options.nixfiles.modules.bat.enable = mkEnableOption "bat, an alternative to cat"; config = mkIf cfg.enable { diff --git a/modules/common/common/documentation.nix b/modules/common/common/documentation.nix index e9d4a79..2202e11 100644 --- a/modules/common/common/documentation.nix +++ b/modules/common/common/documentation.nix @@ -4,7 +4,8 @@ this, ... }: -with lib; { +with lib; +{ config = mkMerge [ (mkIf this.isHeadful { hm.manual = { diff --git a/modules/common/common/home-manager.nix b/modules/common/common/home-manager.nix index 97d7286..3c9fa0e 100644 --- a/modules/common/common/home-manager.nix +++ b/modules/common/common/home-manager.nix 
@@ -4,17 +4,21 @@ localUsername ? lib.my.username, ... }: -with lib; { +with lib; +{ imports = [ - (mkAliasOptionModule ["hm"] ["home-manager" "users" localUsername]) + (mkAliasOptionModule [ "hm" ] [ + "home-manager" + "users" + localUsername + ]) ]; hm = { news.display = "silent"; # NOTE Inheriting directly from `system.stateVersion` does not work with # nix-darwin for some reason. - home.stateVersion = with builtins; - head (split "\n" (readFile "${inputs.nixpkgs}/.version")); + home.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version")); }; home-manager = { diff --git a/modules/common/common/networking.nix b/modules/common/common/networking.nix index e5d27d8..2e19162 100644 --- a/modules/common/common/networking.nix +++ b/modules/common/common/networking.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [myip]; +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ myip ]; } diff --git a/modules/common/common/nix.nix b/modules/common/common/nix.nix index ecd5874..6cc32d3 100644 --- a/modules/common/common/nix.nix +++ b/modules/common/common/nix.nix 
@@ -4,96 +4,96 @@ lib, localUsername ? lib.my.username, pkgs, + pkgsPr, this, ... }: -with lib; { - _module.args = let - importNixpkgs = nixpkgs: - import nixpkgs { - inherit (config.nixpkgs) config; - inherit (this) system; - }; - in rec { - pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! - pkgsMaster = importNixpkgs inputs.nixpkgs-master; - pkgsStable = importNixpkgs inputs.nixpkgs-stable; - pkgsRev = rev: hash: - importNixpkgs (pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "nixpkgs"; - inherit rev hash; - }); - pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head"; - }; +with lib; +{ + _module.args = + let + importNixpkgs = + nixpkgs: + import nixpkgs { + inherit (config.nixpkgs) config; + inherit (this) system; + }; + in + rec { + pkgsLocal = importNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! + pkgsMaster = importNixpkgs inputs.nixpkgs-master; + pkgsStable = importNixpkgs inputs.nixpkgs-stable; + pkgsRev = + rev: hash: + importNixpkgs ( + pkgs.fetchFromGitHub { + owner = "NixOS"; + repo = "nixpkgs"; + inherit rev hash; + } + ); + pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head"; + }; - nix = let - notSelfInputs = filterAttrs (n: _: n != "self") inputs; - in { - settings = { - # https://nixos.org/manual/nix/unstable/contributing/experimental-features.html#currently-available-experimental-features - # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc - experimental-features = concatStringsSep " " [ - "flakes" - "nix-command" - "recursive-nix" - "repl-flake" - ]; + nixpkgs.overlays = with inputs; [ + self.overlays.default + (_: _: { + inherit (pkgsPr 298756 "sha256-AxNXEDRb9yEde0sPEBRxfXSAu/ZL6/BlOzSj+aoOlHk=") qolibri; + inherit (pkgsPr 298346 "sha256-CSEUeivyTWxVskjWzDUal8KYthk7UYMOM4KdjZyhV3o=") dmalloc; + }) + ]; - keep-derivations = - if this.isHeadful - then "true" - else "false"; - keep-outputs = - if this.isHeadful - then "true" - else "false"; + nix = + let + notSelfInputs = filterAttrs (n: _: 
n != "self") inputs; + in + { + settings = { + # https://nixos.org/manual/nix/unstable/contributing/experimental-features.html#currently-available-experimental-features + # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc + experimental-features = concatStringsSep " " [ + "flakes" + "nix-command" + "recursive-nix" + "repl-flake" + ]; - flake-registry = "${inputs.flake-registry}/flake-registry.json"; + keep-derivations = if this.isHeadful then "true" else "false"; + keep-outputs = if this.isHeadful then "true" else "false"; - warn-dirty = false; + flake-registry = "${inputs.flake-registry}/flake-registry.json"; - keep-going = true; + warn-dirty = false; - substituters = [ - "https://azahi.cachix.org" - "https://cache.iog.io" - "https://cachix.cachix.org" - "https://nix-community.cachix.org" - "https://organist.cachix.org" - "https://pre-commit-hooks.cachix.org" - "https://tweag-nickel.cachix.org" - ]; - trusted-public-keys = [ - "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" - "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "organist.cachix.org-1:GB9gOx3rbGl7YEh6DwOscD1+E/Gc5ZCnzqwObNH2Faw=" - "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" - "tweag-nickel.cachix.org-1:GIthuiK4LRgnW64ALYEoioVUQBWs0jexyoYVeLDBwRA=" - ]; + keep-going = true; - trusted-users = ["root" localUsername]; - }; + substituters = [ + "https://azahi.cachix.org" + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; - nixPath = - mapAttrsToList (n: v: "${n}=${v}") notSelfInputs - ++ ["nixfiles=${config.my.home}/src/nixfiles"]; + trusted-users = [ + "root" + localUsername + ]; + }; - registry = - mapAttrs 
(_: flake: {inherit flake;}) notSelfInputs - // {nixfiles.flake = inputs.self;}; - }; + nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ + "nixfiles=${config.my.home}/src/nixfiles" + ]; - nixpkgs.overlays = with inputs; [ - self.overlays.default - (_: _: { - }) - ]; + registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { + nixfiles.flake = inputs.self; + }; + }; environment = { - systemPackages = with pkgs; + systemPackages = + with pkgs; optionals this.isHeadful [ nix-top nix-tree @@ -104,9 +104,10 @@ with lib; { hm = { # Used primarily in conjunction with the "nixfiles" script. - home.file.".nix-defexpr/default.nix".text = let - hostname = strings.escapeNixIdentifier this.hostname; - in + home.file.".nix-defexpr/default.nix".text = + let + hostname = strings.escapeNixIdentifier this.hostname; + in optionalString this.isHeadful '' let self = builtins.getFlake "nixfiles"; diff --git a/modules/common/common/secrets.nix b/modules/common/common/secrets.nix index fdc2501..3c05c09 100644 --- a/modules/common/common/secrets.nix +++ b/modules/common/common/secrets.nix @@ -6,19 +6,24 @@ this, ... }: -with lib; { - imports = [(mkAliasOptionModule ["secrets"] ["age" "secrets"])]; +with lib; +{ + imports = [ + (mkAliasOptionModule [ "secrets" ] [ + "age" + "secrets" + ]) + ]; config = { age.identityPaths = - if this.isHeadful - then ["${config.my.home}/.ssh/id_${my.ssh.type}"] + if this.isHeadful then + [ "${config.my.home}/.ssh/id_${my.ssh.type}" ] else - map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) - config.services.openssh.hostKeys); + map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) config.services.openssh.hostKeys); - environment.systemPackages = with pkgs; [agenix]; + environment.systemPackages = with pkgs; [ agenix ]; - nixpkgs.overlays = [inputs.agenix.overlays.default]; + nixpkgs.overlays = [ inputs.agenix.overlays.default ]; }; } 
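Review bot: The overlay added in this hunk takes `qolibri` and `dmalloc` from `pkgsPr 298756 …` and `pkgsPr 298346 …`, which resolve to `refs/pull/<n>/head` of NixOS/nixpkgs, i.e. contributor-controlled code that has not been merged upstream. The `hash` argument fixes the fetched tree, so a later push to the pull request cannot silently change what is built, but the file does not record which commit was inspected. I would name the commit through the existing helper, `inherit (pkgsRev "<REVIEWED_COMMIT_SHA>" "sha256-…") qolibri;`, and put `# TODO drop once NixOS/nixpkgs#298756 is merged` above it (likewise for #298346). Separately, `trusted-users` in the same hunk still lists `localUsername`, which the Nix manual describes as essentially root-equivalent, so a comment stating that this is intentional would help. The module body continues past the end of this hunk.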
diff --git a/modules/common/common/shell/default.nix b/modules/common/common/shell/default.nix
index 8c3fa8a..883bfae 100644
--- a/modules/common/common/shell/default.nix
+++ b/modules/common/common/shell/default.nix
@@ -6,53 +6,55 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.common.shell; -in { +in +{ options.nixfiles.modules.common.shell.aliases = mkOption { description = "An attribute set of shell aliases."; type = with types; attrsOf str; - default = {}; + default = { }; }; config = { hm = { - imports = [inputs.nix-index-database.hmModules.nix-index]; + imports = [ inputs.nix-index-database.hmModules.nix-index ]; programs = { bash = { enable = true; - initExtra = let - aliasCompletions = - concatStringsSep "\n" - (mapAttrsToList - (name: _: "complete -F _complete_alias ${name}") - cfg.aliases); - in '' - # Apropriated from the default NixOS prompt settings. - if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then - PROMPT_COLOR="1;31m" - ((UID)) && PROMPT_COLOR="1;32m" - if [ -n "$INSIDE_EMACS" ] || [ "$TERM" = "eterm" ] || [ "$TERM" = "eterm-color" ]; then - PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " - else - PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] " - fi - if test "$TERM" = "xterm"; then - PS1="\[\033]2;\h:\u:\w\007\]$PS1" - fi - fi + initExtra = + let + aliasCompletions = concatStringsSep "\n" ( + mapAttrsToList (name: _: "complete -F _complete_alias ${name}") cfg.aliases + ); + in + '' + # Apropriated from the default NixOS prompt settings. 
+ if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then + PROMPT_COLOR="1;31m" + ((UID)) && PROMPT_COLOR="1;32m" + if [ -n "$INSIDE_EMACS" ] || [ "$TERM" = "eterm" ] || [ "$TERM" = "eterm-color" ]; then + PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " + else + PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] " + fi + if test "$TERM" = "xterm"; then + PS1="\[\033]2;\h:\u:\w\007\]$PS1" + fi + fi - source "${./functions.bash}" + source "${./functions.bash}" - source "${getExe' pkgs.complete-alias "complete_alias"}" - ${aliasCompletions} + source "${getExe' pkgs.complete-alias "complete_alias"}" + ${aliasCompletions} - # https://github.com/garabik/grc?tab=readme-ov-file#bash - GRC_ALIASES=true - source ${pkgs.grc}/etc/profile.d/grc.sh - ''; + # https://github.com/garabik/grc?tab=readme-ov-file#bash + GRC_ALIASES=true + source ${pkgs.grc}/etc/profile.d/grc.sh + ''; shellOptions = [ "autocd" 
@@ -74,57 +76,109 @@ in { ]; shellAliases = - listToAttrs - (map - ({ - name, - value, - }: - nameValuePair name (with pkgs; let - pkg = - if this.isHeadful - then - (pkgs.coreutils.overrideAttrs (_: super: { - patches = - (super.patches or []) - ++ [ - (fetchpatch { - url = "https://raw.githubusercontent.com/jarun/advcpmv/a1f8b505e691737db2f7f2b96275802c45f65c59/advcpmv-0.9-9.4.patch"; - hash = "sha256-4fdqpkENPfra4nFQU4+xNrlfq6Dw/2JIZXUOMmdMtcM="; - }) - ]; - })) - else coreutils; - in "${getExe' pkg "coreutils"} --coreutils-prog=${value}")) - ( - let - mkAlias = { - name ? head command, - command, - }: { - inherit name; - value = concatStringsSep " " command; - }; + listToAttrs ( + map + ( + { name, value }: + nameValuePair name ( + with pkgs; + let + pkg = + if this.isHeadful then + (pkgs.coreutils.overrideAttrs ( + _: super: { + patches = (super.patches or [ ]) ++ [ + (fetchpatch { + url = "https://raw.githubusercontent.com/jarun/advcpmv/a1f8b505e691737db2f7f2b96275802c45f65c59/advcpmv-0.9-9.4.patch"; + hash = "sha256-4fdqpkENPfra4nFQU4+xNrlfq6Dw/2JIZXUOMmdMtcM="; + }) + ]; + } + )) + else + coreutils; + in + "${getExe' pkg "coreutils"} --coreutils-prog=${value}" + ) + ) + ( + let + mkAlias = + { + name ? 
head command, + command, + }: + { + inherit name; + value = concatStringsSep " " command; + }; - progressBar = optionalString this.isHeadful "--progress-bar"; - in [ - (mkAlias {command = ["cp" "--interactive" "--recursive" progressBar];}) - (mkAlias {command = ["mv" "--interactive" progressBar];}) - (mkAlias {command = ["rm" "--interactive=once"];}) - (mkAlias {command = ["ln" "--interactive"];}) - (mkAlias {command = ["mkdir" "--parents"];}) - (mkAlias {command = ["rmdir" "--parents"];}) - (mkAlias { - name = "lower"; - command = ["tr" "'[:upper:]'" "'[:lower:]'"]; - }) - (mkAlias { - name = "upper"; - command = ["tr" "'[:lower:]'" "'[:upper:]'"]; - }) - ] - )) - // (genAttrs ["grep" "egrep" "fgrep"] (name: "${pkgs.gnugrep}/bin/${name} --color=always")) + progressBar = optionalString this.isHeadful "--progress-bar"; + in + [ + (mkAlias { + command = [ + "cp" + "--interactive" + "--recursive" + progressBar + ]; + }) + (mkAlias { + command = [ + "mv" + "--interactive" + progressBar + ]; + }) + (mkAlias { + command = [ + "rm" + "--interactive=once" + ]; + }) + (mkAlias { + command = [ + "ln" + "--interactive" + ]; + }) + (mkAlias { + command = [ + "mkdir" + "--parents" + ]; + }) + (mkAlias { + command = [ + "rmdir" + "--parents" + ]; + }) + (mkAlias { + name = "lower"; + command = [ + "tr" + "'[:upper:]'" + "'[:lower:]'" + ]; + }) + (mkAlias { + name = "upper"; + command = [ + "tr" + "'[:lower:]'" + "'[:upper:]'" + ]; + }) + ] + ) + ) + // (genAttrs [ + "grep" + "egrep" + "fgrep" + ] (name: "${pkgs.gnugrep}/bin/${name} --color=always")) // cfg.aliases; }; @@ -134,7 +188,7 @@ in { nix-index-database.comma.enable = true; }; - home.packages = with pkgs; [grc]; + home.packages = with pkgs; [ grc ]; }; environment = { diff --git a/modules/common/common/stylix.nix b/modules/common/common/stylix.nix index 30bf582..f1b8f81 100644 --- a/modules/common/common/stylix.nix +++ b/modules/common/common/stylix.nix 
@@ -1,11 +1,8 @@ +{ lib, pkgs, ... }: +with lib; { - lib, - pkgs, - ... -}: -with lib; { imports = [ - (mkAliasOptionModule ["colors"] [ + (mkAliasOptionModule [ "colors" ] [ "lib" "stylix" "colors" @@ -45,12 +42,12 @@ with lib; { }; serif = { - package = pkgs.iosevka-bin.override {variant = "Etoile";}; + package = pkgs.iosevka-bin.override { variant = "Etoile"; }; name = "Iosevka Etoile"; }; sansSerif = { - package = pkgs.iosevka-bin.override {variant = "Aile";}; + package = pkgs.iosevka-bin.override { variant = "Aile"; }; name = "Iosevka Aile"; }; diff --git a/modules/common/common/users.nix b/modules/common/common/users.nix index aee0e38..dc1b32e 100644 --- a/modules/common/common/users.nix +++ b/modules/common/common/users.nix @@ -3,6 +3,13 @@ localUsername ? lib.my.username, ... }: -with lib; { - imports = [(mkAliasOptionModule ["my"] ["users" "users" localUsername])]; +with lib; +{ + imports = [ + (mkAliasOptionModule [ "my" ] [ + "users" + "users" + localUsername + ]) + ]; } diff --git a/modules/common/common/xdg.nix b/modules/common/common/xdg.nix index 04ca544..4463c15 100644 --- a/modules/common/common/xdg.nix +++ b/modules/common/common/xdg.nix 
@@ -1,18 +1,35 @@ +{ config, lib, ... }: +with lib; { - config, - lib, - ... -}: -with lib; { - imports = let - withBase = a: ["nixfiles" "modules" "common" "xdg" a]; - in [ - (mkAliasOptionModule ["dirs" "cache"] (withBase "cacheHome")) - (mkAliasOptionModule ["dirs" "config"] (withBase "configHome")) - (mkAliasOptionModule ["dirs" "data"] (withBase "dataHome")) - (mkAliasOptionModule ["dirs" "state"] (withBase "stateHome")) - (mkAliasOptionModule ["userDirs"] (withBase "userDirs")) - ]; + imports = + let + withBase = a: [ + "nixfiles" + "modules" + "common" + "xdg" + a + ]; + in + [ + (mkAliasOptionModule [ + "dirs" + "cache" + ] (withBase "cacheHome")) + (mkAliasOptionModule [ + "dirs" + "config" + ] (withBase "configHome")) + (mkAliasOptionModule [ + "dirs" + "data" + ] (withBase "dataHome")) + (mkAliasOptionModule [ + "dirs" + "state" + ] (withBase "stateHome")) + (mkAliasOptionModule [ "userDirs" ] (withBase "userDirs")) + ]; options.nixfiles.modules.common.xdg = { cacheHome = mkOption { @@ -33,21 +50,23 @@ with lib; { }; userDirs = mkOption { type = types.attrs; - default = let - inherit (config.my) home; - tmp = home + "/tmp"; - in { - enable = true; + default = + let + inherit (config.my) home; + tmp = home + "/tmp"; + in + { + enable = true; - desktop = tmp; - documents = "${home}/doc"; - download = tmp; - music = tmp; - pictures = tmp; - publicShare = "${home}/share"; - templates = tmp; - videos = tmp; - }; + desktop = tmp; + documents = "${home}/doc"; + download = tmp; + music = tmp; + pictures = tmp; + publicShare = "${home}/share"; + templates = tmp; + videos = tmp; + }; }; }; } diff --git a/modules/common/curl.nix b/modules/common/curl.nix index 1514a09..6895262 100644 --- a/modules/common/curl.nix +++ b/modules/common/curl.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.curl; -in { +in +{ options.nixfiles.modules.curl.enable = mkEnableOption "cURL"; config = mkIf cfg.enable { 
diff --git a/modules/common/direnv.nix b/modules/common/direnv.nix index 3429218..ececad8 100644 --- a/modules/common/direnv.nix +++ b/modules/common/direnv.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.direnv; -in { +in +{ options.nixfiles.modules.direnv.enable = mkEnableOption "direnv"; config = mkIf cfg.enable { diff --git a/modules/common/editorconfig.nix b/modules/common/editorconfig.nix index 537912f..5dfe845 100644 --- a/modules/common/editorconfig.nix +++ b/modules/common/editorconfig.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.editorconfig; -in { +in +{ options.nixfiles.modules.editorconfig.enable = mkEnableOption "Editorconfig"; config = mkIf cfg.enable { diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix index 9259011..2d0fe67 100644 --- a/modules/common/emacs/default.nix +++ b/modules/common/emacs/default.nix @@ -7,9 +7,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.emacs; -in { +in +{ options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { 
@@ -29,211 +31,225 @@ in { hm = { stylix.targets.emacs.enable = false; - xdg.configFile = mapAttrs (_: value: - value - // { - onChange = with config.hm.programs; '' - export EMACSDIR="''${XDG_CONFIG_HOME:-$HOME/.config}/emacs" - export DOOMDIR="''${XDG_CONFIG_HOME:-$HOME/.config}/doom" - - if [[ ! -d "$EMACSDIR/.git" ]]; then - ${getExe git.package} clone --depth=1 --branch=master \ - "https://github.com/doomemacs/doomemacs" "$EMACSDIR" - fi + xdg.configFile = + mapAttrs + ( + _: value: + value + // { + onChange = with config.hm.programs; '' + export EMACSDIR="''${XDG_CONFIG_HOME:-$HOME/.config}/emacs" + export DOOMDIR="''${XDG_CONFIG_HOME:-$HOME/.config}/doom" - if [[ ! -d "$DOOMDIR/snippets" ]]; then - mkdir -p "$DOOMDIR/snippets" - fi + if [[ ! -d "$EMACSDIR/.git" ]]; then + ${getExe git.package} clone --depth=1 --branch=master \ + "https://github.com/doomemacs/doomemacs" "$EMACSDIR" + fi - if [[ -x "$EMACSDIR/bin/doom" ]]; then - if [[ ! -d "$EMACSDIR/.local" ]]; then - PATH="''${PATH:-/bin:/usr/bin:/usr/local/bin}:${emacs.package}/bin:${git.package}/bin" \ - "$EMACSDIR/bin/doom" install --force --verbose - fi + if [[ ! 
-d "$DOOMDIR/snippets" ]]; then + mkdir -p "$DOOMDIR/snippets" + fi - PATH="''${PATH:-/bin:/usr/bin:/usr/local/bin}:${emacs.package}/bin:${git.package}/bin" \ - "$EMACSDIR/bin/doom" sync -e -p --force --verbose - fi - ''; - }) { - "doom/init.el".source = ./doom/init.el; - "doom/packages.el".source = ./doom/packages.el; - "doom/config.el" = { - text = concatLines [ - (let - extraBins = with pkgs; - [ - (aspellWithDicts (p: with p; [en ru])) # :checkers (spell +aspell) - asmfmt # :editor format - cargo # :lang rust - clang-tools # :lang (cc +lsp) :editor format - cmake-format # :lang cc :editor format - cmigemo # :lang japanese - config.hm.programs.emacs.package # !doom - config.nix.package # !doom - delve # :lang go :tools debugger - dockerfile-language-server-nodejs # :tools (docker +lsp) - dockfmt # :tools docker :editor format - editorconfig-core-c # :tools editorconfig - fd # doom! - gcc # :lang cc - ghc # :lang haskell - gnuplot # :lang (org +gnuplot) - gnutar # :tools tree-sitter - gnutls # doom! 
:app irc - go # :lang go - godef # :lang go - gomodifytags # :lang go - gopls # :lang (go +lsp) - gore # :lang go - gotests # :lang go - gotools # :lang go - graphviz # :lang (org +roam2) :lang plantuml - gzip # :tools tree-sitter - haskellPackages.cabal-fmt # :lang haskell :editor format - haskellPackages.cabal-install # :lang haskell - haskellPackages.haskell-language-server # :lang (haskell +lsp) - haskellPackages.hoogle # :lang haskell - haskellPackages.ormolu # :lang haskell :editor format - html-tidy # :lang web :editor format - jdk # :lang java :lang plantuml :checkers grammar - languagetool # :checkers grammar - libxml2 # :lang data :editor format - markdownlint-cli # :lang markdown - nil # :lang (nix +lsp) - nls # :lang (nickel +lsp) - nodePackages.bash-language-server # :lang (sh +lsp) - nodePackages.eslint # :lang (json +lsp) - nodePackages.js-beautify # :lang web - nodePackages.prettier # :editor format - nodePackages.stylelint # :lang web - nodePackages.vscode-css-languageserver-bin # lang (web +lsp) - nodePackages.vscode-html-languageserver-bin # lang (web +lsp) - nodePackages.vscode-json-languageserver-bin # lang (json +lsp) - nodejs # :tools debugger - pandoc # :lang org markdown latex - pinentry-emacs # doom! - pipenv # :lang python - poetry # :lang python - pre-commit # :tools magit - python3 # :lang python - python3Packages.black # :lang python :editor format - python3Packages.isort # :lang python :editor format - python3Packages.nose # :lang python - python3Packages.pyflakes # :lang python :editor format - python3Packages.pytest # :lang python - python3Packages.python-lsp-server # :lang python :editor format - ripgrep # doom! 
- rust-analyzer # :lang (rust +lsp) - rustc # :lang rust - rustfmt # :lang rust - shellcheck # :lang sh - shfmt # :lang sh :editor format - sqlite # :lang (org +roam2) :tools lookup - terraform-ls # :tools (terraform +lsp) - texlab # lang (tex +lsp) - texlive.combined.scheme-full # :lang org tex - unzip # :tools debugger - wordnet # :tools (lookup +dictionary +offline) - yaml-language-server # :lang (yaml +lsp) - zig # :lang zig :editor format - zls # :lang (zig +lsp) - zstd # :emacs undo - ] - ++ ( - # GDB doesn't support[1] Apple Silicon. - # - # [1]: https://inbox.sourceware.org/gdb/6b48224b-9e2e-518d-793b-df4fc5514884@arm.com/ - if (this.system != "aarch64-darwin") - then [gdb] # :tools debugger - else [lldb] # :tools debugger - ); + if [[ -x "$EMACSDIR/bin/doom" ]]; then + if [[ ! -d "$EMACSDIR/.local" ]]; then + PATH="''${PATH:-/bin:/usr/bin:/usr/local/bin}:${emacs.package}/bin:${git.package}/bin" \ + "$EMACSDIR/bin/doom" install --force --verbose + fi - parinferRustLibrary = - if (hasSuffix "linux" this.system) - then "${pkgs.parinfer-rust}/lib/libparinfer_rust.so" - else "${pkgs.parinfer-rust}/lib/libparinfer_rust.dylib"; - in '' - ;; Integrate packages which are required by various modules - ;; without polluting the user's profile. 
- (setq exec-path (append exec-path '(${ - concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins - }))) - (setenv "PATH" (concat (getenv "PATH") ":${ - concatMapStringsSep ":" (x: "${x}/bin") extraBins - }")) + PATH="''${PATH:-/bin:/usr/bin:/usr/local/bin}:${emacs.package}/bin:${git.package}/bin" \ + "$EMACSDIR/bin/doom" sync -e -p --force --verbose + fi + ''; + } + ) + { + "doom/init.el".source = ./doom/init.el; + "doom/packages.el".source = ./doom/packages.el; + "doom/config.el" = { + text = concatLines [ + ( + let + extraBins = + with pkgs; + [ + (aspellWithDicts ( + p: with p; [ + en + ru + ] + )) # :checkers (spell +aspell) + asmfmt # :editor format + cargo # :lang rust + clang-tools # :lang (cc +lsp) :editor format + cmake-format # :lang cc :editor format + cmigemo # :lang japanese + config.hm.programs.emacs.package # !doom + config.nix.package # !doom + delve # :lang go :tools debugger + dockerfile-language-server-nodejs # :tools (docker +lsp) + dockfmt # :tools docker :editor format + editorconfig-core-c # :tools editorconfig + fd # doom! + gcc # :lang cc + ghc # :lang haskell + gnuplot # :lang (org +gnuplot) + gnutar # :tools tree-sitter + gnutls # doom! 
:app irc + go # :lang go + godef # :lang go + gomodifytags # :lang go + gopls # :lang (go +lsp) + gore # :lang go + gotests # :lang go + gotools # :lang go + graphviz # :lang (org +roam2) :lang plantuml + gzip # :tools tree-sitter + haskellPackages.cabal-fmt # :lang haskell :editor format + haskellPackages.cabal-install # :lang haskell + haskellPackages.haskell-language-server # :lang (haskell +lsp) + haskellPackages.hoogle # :lang haskell + haskellPackages.ormolu # :lang haskell :editor format + html-tidy # :lang web :editor format + jdk # :lang java :lang plantuml :checkers grammar + languagetool # :checkers grammar + libxml2 # :lang data :editor format + markdownlint-cli # :lang markdown + nil # :lang (nix +lsp) + nixfmt # :lang nix :editor format + nls # :lang (nickel +lsp) + nodePackages.bash-language-server # :lang (sh +lsp) + nodePackages.eslint # :lang (json +lsp) + nodePackages.js-beautify # :lang web + nodePackages.prettier # :editor format + nodePackages.stylelint # :lang web + nodePackages.vscode-css-languageserver-bin # lang (web +lsp) + nodePackages.vscode-html-languageserver-bin # lang (web +lsp) + nodePackages.vscode-json-languageserver-bin # lang (json +lsp) + nodejs # :tools debugger + pandoc # :lang org markdown latex + pinentry-emacs # doom! + pipenv # :lang python + poetry # :lang python + pre-commit # :tools magit + python3 # :lang python + python3Packages.black # :lang python :editor format + python3Packages.isort # :lang python :editor format + python3Packages.nose # :lang python + python3Packages.pyflakes # :lang python :editor format + python3Packages.pytest # :lang python + python3Packages.python-lsp-server # :lang python :editor format + ripgrep # doom! 
+ rust-analyzer # :lang (rust +lsp) + rustc # :lang rust + rustfmt # :lang rust + shellcheck # :lang sh + shfmt # :lang sh :editor format + sqlite # :lang (org +roam2) :tools lookup + terraform-ls # :tools (terraform +lsp) + texlab # lang (tex +lsp) + texlive.combined.scheme-full # :lang org tex + unzip # :tools debugger + wordnet # :tools (lookup +dictionary +offline) + yaml-language-server # :lang (yaml +lsp) + zig # :lang zig :editor format + zls # :lang (zig +lsp) + zstd # :emacs undo + ] + ++ ( + # GDB doesn't support[1] Apple Silicon. + # + # [1]: https://inbox.sourceware.org/gdb/6b48224b-9e2e-518d-793b-df4fc5514884@arm.com/ + if (this.system != "aarch64-darwin") then + [ gdb ] # :tools debugger + else + [ lldb ] # :tools debugger + ); - ;; HACK Explicitly load specific Emacs packages from Nixpkgs. - ;; For some reason providing them as "extraPackages" doesn't - ;; work. - (add-to-list 'load-path "${pkgs.mu.mu4e}/share/emacs/site-lisp/mu4e") - (add-to-list 'load-path "${pkgs.emacsPackages.vterm}/share/emacs/site-lisp/elpa/vterm-${pkgs.emacsPackages.vterm.version}") + parinferRustLibrary = + if (hasSuffix "linux" this.system) then + "${pkgs.parinfer-rust}/lib/libparinfer_rust.so" + else + "${pkgs.parinfer-rust}/lib/libparinfer_rust.dylib"; + in + '' + ;; Integrate packages which are required by various modules + ;; without polluting the user's profile. + (setq exec-path (append exec-path '(${concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins}))) + (setenv "PATH" (concat (getenv "PATH") ":${concatMapStringsSep ":" (x: "${x}/bin") extraBins}")) - (appendq! auth-sources '(("${config.secrets.authinfo.path}"))) + ;; HACK Explicitly load specific Emacs packages from Nixpkgs. + ;; For some reason providing them as "extraPackages" doesn't + ;; work. 
+ (add-to-list 'load-path "${pkgs.mu.mu4e}/share/emacs/site-lisp/mu4e") + (add-to-list 'load-path "${pkgs.emacsPackages.vterm}/share/emacs/site-lisp/elpa/vterm-${pkgs.emacsPackages.vterm.version}") - ;; :input japanese - (setq migemo-dictionary "${pkgs.cmigemo}/share/migemo/utf-8/migemo-dict" - skk-large-jisyo "${pkgs.skk-dicts}/share/SKK-JISYO.L") + (appendq! auth-sources '(("${config.secrets.authinfo.path}"))) - ;; :editor parinfer - (setq parinfer-rust-auto-download nil - parinfer-rust-library "${parinferRustLibrary}") + ;; :input japanese + (setq migemo-dictionary "${pkgs.cmigemo}/share/migemo/utf-8/migemo-dict" + skk-large-jisyo "${pkgs.skk-dicts}/share/SKK-JISYO.L") - ;; :lang nix - ;; HACK Trick `nix-mode' to use alejandra instead of nixfmt. - (setq nix-nixfmt-bin "${pkgs.writeShellScript "nixfmt" '' - ${getExe pkgs.alejandra} "$@" - ''}") + ;; :editor parinfer + (setq parinfer-rust-auto-download nil + parinfer-rust-library "${parinferRustLibrary}") - ;; :lang (org +roam2) :email mu4e - (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}") + ;; :lang (org +roam2) :email mu4e + (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}") - ;; :lang plantuml - (setq plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar" - plantuml-executable-path "${getExe' pkgs.plantuml "plantuml"}" - org-plantuml-jar-path plantuml-jar-path - org-plantuml-executable-path plantuml-executable-path) + ;; :lang plantuml + (setq plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar" + plantuml-executable-path "${getExe' pkgs.plantuml "plantuml"}" + org-plantuml-jar-path plantuml-jar-path + org-plantuml-executable-path plantuml-executable-path) - ;; :app irc - (setq circe-default-nick "${my.username}" - circe-default-realname "${my.email}" - circe-default-user circe-default-nick) - '') - (with config.stylix.fonts; '' - (setq doom-font "${monospace.name}-${toString sizes.terminal}" - doom-serif-font "${serif.name}-${toString sizes.terminal}" - doom-variable-pitch-font 
"${sansSerif.name}-${toString sizes.terminal}") - '') - (with config.hm.accounts.email; let - mu4eAccounts = let - muAccounts = filter (a: a.mu.enable) (attrValues accounts); - in - concatMapStringsSep "\n" - (a: - with a; let - personalAddresses = concatMapStringsSep " " (v: ''"${v}"'') aliases; - in '' - (set-email-account! "${name}" - '((user-full-name . "${realName}") - (user-mail-address . "${address}") - (mu4e-inbox-folder . "/${name}/${folders.inbox}") - (mu4e-sent-folder . "/${name}/${folders.sent}") - (mu4e-drafts-folder . "/${name}/${folders.drafts}") - (mu4e-trash-folder . "/${name}/${folders.trash}") - (mu4e-refile-folder . "/${name}/Archive") - (+mu4e-personal-addresses . (${personalAddresses}))) - t) - '') - muAccounts; - in '' - (setq mu4e-root-maildir "${maildirBasePath}") + ;; :app irc + (setq circe-default-nick "${my.username}" + circe-default-realname "${my.email}" + circe-default-user circe-default-nick) + '' + ) + (with config.stylix.fonts; '' + (setq doom-font "${monospace.name}-${toString sizes.terminal}" + doom-serif-font "${serif.name}-${toString sizes.terminal}" + doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}") + '') + ( + with config.hm.accounts.email; + let + mu4eAccounts = + let + muAccounts = filter (a: a.mu.enable) (attrValues accounts); + in + concatMapStringsSep "\n" ( + a: + with a; + let + personalAddresses = concatMapStringsSep " " (v: ''"${v}"'') aliases; + in + '' + (set-email-account! "${name}" + '((user-full-name . "${realName}") + (user-mail-address . "${address}") + (mu4e-inbox-folder . "/${name}/${folders.inbox}") + (mu4e-sent-folder . "/${name}/${folders.sent}") + (mu4e-drafts-folder . "/${name}/${folders.drafts}") + (mu4e-trash-folder . "/${name}/${folders.trash}") + (mu4e-refile-folder . "/${name}/Archive") + (+mu4e-personal-addresses . 
(${personalAddresses}))) + t) + '' + ) muAccounts; + in + '' + (setq mu4e-root-maildir "${maildirBasePath}") - ${mu4eAccounts} - '') - (builtins.readFile ./doom/config.el) - ]; - }; - }; + ${mu4eAccounts} + '' + ) + (builtins.readFile ./doom/config.el) + ]; + }; + }; programs = { emacs = { diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el index e31d41d..7f5693c 100644 --- a/modules/common/emacs/doom/config.el +++ b/modules/common/emacs/doom/config.el @@ -52,7 +52,7 @@ ;;; Org ;; -(setq org-directory "~/doc/org") +(setq org-directory "~/doc/org/") ;; For some reason only using `after!' work here. `setq-hook!' and etc doesn't ;; produce expected results. diff --git a/modules/common/eza.nix b/modules/common/eza.nix index be590b4..96b7d4c 100644 --- a/modules/common/eza.nix +++ b/modules/common/eza.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.eza; -in { +in +{ options.nixfiles.modules.eza.enable = mkEnableOption "eza, an alternative to ls"; config = mkIf cfg.enable { @@ -16,6 +18,6 @@ in { la = "${ll} --header --all"; }; - hm.home.packages = [pkgs.eza]; + hm.home.packages = [ pkgs.eza ]; }; } diff --git a/modules/common/git.nix b/modules/common/git.nix index c6be614..fbe190e 100644 --- a/modules/common/git.nix +++ b/modules/common/git.nix @@ -6,11 +6,12 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.git; -in { - options.nixfiles.modules.git.client.enable = - mkEnableOption "Git client"; +in +{ + options.nixfiles.modules.git.client.enable = mkEnableOption "Git client"; config = mkIf cfg.client.enable { secrets = { @@ -75,6 +76,8 @@ in { autoStash = true; autoSquash = true; }; + rerere.enabled = true; + branch.sort = "-committerdate"; diff = { mnemonicPrefix = true; renames = "copies"; 
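Review bot: The `onChange` script in this hunk clones `https://github.com/doomemacs/doomemacs` with `--depth=1 --branch=master` and then runs `$EMACSDIR/bin/doom install` and `doom sync` from that checkout, so activation executes whatever upstream `master` held at clone time, outside the hash pinning the rest of the configuration gets from Nix. Fix the checkout to a reviewed revision right after the clone, for example `${getExe git.package} -C "$EMACSDIR" fetch --depth=1 origin <PINNED_COMMIT>` followed by `${getExe git.package} -C "$EMACSDIR" checkout --detach FETCH_HEAD`, or supply Doom as a flake input. A one-line comment above the clone saying that this step is impure and needs network access would also help the next reader. The enclosing `config = mkIf cfg.enable { … }` block starts before and ends after this hunk.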
@@ -89,51 +92,54 @@ in { annotate = true; confirm = "always"; }; + column.ui = "auto"; github.user = my.username; gitlab.user = my.username; } - // mapAttrs' - (name: value: nameValuePair ''url "git@${value}:"'' {insteadOf = "${name}:";}) { + // mapAttrs' (name: value: nameValuePair ''url "git@${value}:"'' { insteadOf = "${name}:"; }) { "bitbucket" = "bitbucket.com"; "codeberg" = "codeberg.org"; "github" = "github.com"; "gitlab" = "gitlab.com"; "sourcehut" = "git.sr.ht"; } - // mapAttrs' - (name: values: nameValuePair ''url "https://${values}/"'' {insteadOf = "${name}:";}) { - "alpine" = "gitlab.alpinelinux.org"; - "debian" = "salsa.debian.org"; - "freedesktop" = "gitlab.freedesktop.org"; - "gnome" = "gitlab.gnome.org"; - "haskell" = "gitlab.haskell.org"; - "homotopic" = "gitlab.homotopic.tech"; - "horizon" = "gitlab.horizon-haskell.net"; - "kde" = "invent.kde.org"; - "nixca" = "gitlab.nixca.dev"; - "notabug" = "notabug.org"; - "opencode" = "opencode.net"; - "torproject" = "gitlab.torproject.org"; - "videolan" = "code.videolan.org"; - }; + // + mapAttrs' (name: values: nameValuePair ''url "https://${values}/"'' { insteadOf = "${name}:"; }) + { + "alpine" = "gitlab.alpinelinux.org"; + "debian" = "salsa.debian.org"; + "freedesktop" = "gitlab.freedesktop.org"; + "gnome" = "gitlab.gnome.org"; + "haskell" = "gitlab.haskell.org"; + "homotopic" = "gitlab.homotopic.tech"; + "horizon" = "gitlab.horizon-haskell.net"; + "kde" = "invent.kde.org"; + "nixca" = "gitlab.nixca.dev"; + "notabug" = "notabug.org"; + "opencode" = "opencode.net"; + "torproject" = "gitlab.torproject.org"; + "videolan" = "code.videolan.org"; + }; - aliases = let - git = getExe config.hm.programs.git.package; - curl = getExe pkgs.curl; - in { - amend = "commit --amend"; - cat = "cat-file -p"; - fast = "clone --depth=1"; - fixup = "commit --fixup"; - fuck = "!${git} reset --hard && ${git} clean --force -dx"; - get = "pull --all --recurse-submodules --autostash"; - gud = ''commit -m "git gud"''; - refresh = 
"clean --force -dx"; - tree = "log --graph --date=relative --pretty=tformat:'%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%an %ad)%Creset'"; - uncommit = "reset --soft HEAD~1"; - untrack = "rm --cache --"; - wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; - }; + aliases = + let + git = getExe config.hm.programs.git.package; + curl = getExe pkgs.curl; + in + { + amend = "commit --amend"; + cat = "cat-file -p"; + fast = "clone --depth=1"; + fixup = "commit --fixup"; + fuck = "!${git} reset --hard && ${git} clean --force -dx"; + get = "pull --all --recurse-submodules --autostash"; + gud = ''commit -m "git gud"''; + refresh = "clean --force -dx"; + tree = "log --graph --date=relative --pretty=tformat:'%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%an %ad)%Creset'"; + uncommit = "reset --soft HEAD~1"; + untrack = "rm --cache --"; + wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; + }; # All helper tools/editor generated files should go here. This must be # kept void of any project-specific or residual files. diff --git a/modules/common/gnupg.nix b/modules/common/gnupg.nix index c0f10f9..b32d94c 100644 --- a/modules/common/gnupg.nix +++ b/modules/common/gnupg.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.gnupg; -in { +in +{ options.nixfiles.modules.gnupg.enable = mkEnableOption "GnuPG"; config = mkIf cfg.enable { 
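Review bot: The `wtc` alias in the reformatted `aliases` set fetches `whatthecommit.com/index.txt` with no scheme, so curl falls back to plain HTTP and anyone on the network path can choose the text that `git commit -F -` records. Without `--fail`, an HTTP error page would also be committed as the message. If the site serves the file over TLS, I would write it as `wtc = "!${curl} --fail --silent --show-error https://whatthecommit.com/index.txt | ${git} commit -F -";`. In `-sq` the `-q` only disables curlrc when it is the first argument, so it presumably has no effect here. The enclosing `programs.git` block starts and ends outside this hunk.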
@@ -33,26 +31,42 @@ in { list-options = "show-uid-validity"; verify-options = "show-uid-validity"; } - // (let - cipherAlgos = ["AES256" "AES192" "AES"]; - digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"]; - compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"]; - - cs = concatStringsSep " "; - in { - default-preference-list = - cs (cipherAlgos ++ digestAlgos ++ compressionAlgos); - - personal-cipher-preferences = cs cipherAlgos; - personal-digest-preferences = cs digestAlgos; - personal-compress-preferences = cs compressionAlgos; - - s2k-cipher-algo = head cipherAlgos; - s2k-digest-algo = head digestAlgos; - - digest-algo = head digestAlgos; - cert-digest-algo = head digestAlgos; - }); + // ( + let + cipherAlgos = [ + "AES256" + "AES192" + "AES" + ]; + digestAlgos = [ + "SHA512" + "SHA384" + "SHA256" + "SHA224" + ]; + compressionAlgos = [ + "ZLIB" + "BZIP2" + "ZIP" + "Uncompressed" + ]; + + cs = concatStringsSep " "; + in + { + default-preference-list = cs (cipherAlgos ++ digestAlgos ++ compressionAlgos); + + personal-cipher-preferences = cs cipherAlgos; + personal-digest-preferences = cs digestAlgos; + personal-compress-preferences = cs compressionAlgos; + + s2k-cipher-algo = head cipherAlgos; + s2k-digest-algo = head digestAlgos; + + digest-algo = head digestAlgos; + cert-digest-algo = head digestAlgos; + } + ); }; }; } diff --git a/modules/common/htop.nix b/modules/common/htop.nix index bf3f1e4..647abf7 100644 --- a/modules/common/htop.nix +++ b/modules/common/htop.nix @@ -1,13 +1,10 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.htop; -in { - options.nixfiles.modules.htop.enable = - mkEnableOption "htop"; +in +{ + options.nixfiles.modules.htop.enable = mkEnableOption "htop"; config = mkIf cfg.enable { hm.programs.htop = { diff --git a/modules/common/mpv.nix b/modules/common/mpv.nix index e857b5b..9cd1e91 100644 --- a/modules/common/mpv.nix +++ b/modules/common/mpv.nix 
@@ -4,28 +4,33 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.mpv; -in { +in +{ options.nixfiles.modules.mpv.enable = mkEnableOption "mpv"; config = mkIf cfg.enable { hm.programs.mpv = { enable = true; - package = with pkgs; - wrapMpv (mpv-unwrapped.override { - bs2bSupport = false; - cacaSupport = false; - dvbinSupport = false; - dvdnavSupport = false; - swiftSupport = false; - }) { - scripts = with mpvScripts; [ - autoload - sponsorblock - ]; - }; + package = + with pkgs; + wrapMpv + (mpv-unwrapped.override { + bs2bSupport = false; + cacaSupport = false; + dvbinSupport = false; + dvdnavSupport = false; + swiftSupport = false; + }) + { + scripts = with mpvScripts; [ + autoload + sponsorblock + ]; + }; bindings = { "RIGHT" = "seek 10"; 
@@ -63,87 +68,89 @@ in { "extension.jpg".profile = "extension.png"; }; - config = let - lang = concatStringsSep "," [ - "Japanese" - "japanese" - "jp" - "jpn" - "jaJP" - "ja-JP" - "English" - "english" - "en" - "eng" - "enUS" - "en-US" - "Russian" - "russian" - "ru" - "rus" - "ruRU" - "ru-RU" - ]; - in { - autofit-larger = "100%x95%"; - cache = true; - cursor-autohide = 1000; - cursor-autohide-fs-only = true; - demuxer-max-back-bytes = "20M"; - demuxer-max-bytes = "20M"; - force-seekable = true; - fullscreen = true; - msg-color = true; - msg-module = true; - prefetch-playlist = true; - save-position-on-quit = true; - screenshot-format = "png"; - screenshot-template = "%F [%p]"; - stop-screensaver = true; - term-osd-bar = true; - use-filedir-conf = true; - - osd-bar-align-y = 0; - osd-bar-h = 2; - osd-bar-w = 60; - osd-border-color = "#FF262626"; - osd-border-size = 2; - osd-color = "#FFFFFFFF"; - osd-duration = 1000; - osd-font-size = 40; - osd-fractions = true; - osd-level = 1; - osd-shadow-color = "#33000000"; - - # osc = false; - - blend-subtitles = true; - embeddedfonts = false; - sub-ass-force-margins = true; - sub-ass-force-style = "kerning=yes"; - sub-auto = "fuzzy"; - sub-border-color = "#FF262626"; - sub-border-size = 2.5; - sub-color = "#FFFFFFFF"; - sub-file-paths-append = "srt"; - sub-fix-timing = true; - sub-font-size = 40; - sub-scale-with-window = true; - sub-shadow-color = "#33000000"; - sub-shadow-offset = 1; - sub-spacing = 0.5; - sub-use-margins = true; - - audio-file-auto = "fuzzy"; - volume = 100; - volume-max = 200; - - alang = lang; - slang = lang; - - ytdl = true; - ytdl-raw-options = ''sub-lang="${lang}",write-sub=''; - }; + config = + let + lang = concatStringsSep "," [ + "Japanese" + "japanese" + "jp" + "jpn" + "jaJP" + "ja-JP" + "English" + "english" + "en" + "eng" + "enUS" + "en-US" + "Russian" + "russian" + "ru" + "rus" + "ruRU" + "ru-RU" + ]; + in + { + autofit-larger = "100%x95%"; + cache = true; + cursor-autohide = 1000; + 
cursor-autohide-fs-only = true; + demuxer-max-back-bytes = "20M"; + demuxer-max-bytes = "20M"; + force-seekable = true; + fullscreen = true; + msg-color = true; + msg-module = true; + prefetch-playlist = true; + save-position-on-quit = true; + screenshot-format = "png"; + screenshot-template = "%F [%p]"; + stop-screensaver = true; + term-osd-bar = true; + use-filedir-conf = true; + + osd-bar-align-y = 0; + osd-bar-h = 2; + osd-bar-w = 60; + osd-border-color = "#FF262626"; + osd-border-size = 2; + osd-color = "#FFFFFFFF"; + osd-duration = 1000; + osd-font-size = 40; + osd-fractions = true; + osd-level = 1; + osd-shadow-color = "#33000000"; + + # osc = false; + + blend-subtitles = true; + embeddedfonts = false; + sub-ass-force-margins = true; + sub-ass-force-style = "kerning=yes"; + sub-auto = "fuzzy"; + sub-border-color = "#FF262626"; + sub-border-size = 2.5; + sub-color = "#FFFFFFFF"; + sub-file-paths-append = "srt"; + sub-fix-timing = true; + sub-font-size = 40; + sub-scale-with-window = true; + sub-shadow-color = "#33000000"; + sub-shadow-offset = 1; + sub-spacing = 0.5; + sub-use-margins = true; + + audio-file-auto = "fuzzy"; + volume = 100; + volume-max = 200; + + alang = lang; + slang = lang; + + ytdl = true; + ytdl-raw-options = ''sub-lang="${lang}",write-sub=''; + }; }; }; } diff --git a/modules/common/nmap.nix b/modules/common/nmap.nix index 85beb21..71b3d0b 100644 --- a/modules/common/nmap.nix +++ b/modules/common/nmap.nix @@ -5,9 +5,11 @@ inputs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nmap; -in { +in +{ options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap"; config = mkIf cfg.enable { @@ -23,7 +25,10 @@ in { ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; }; - packages = with pkgs; [nmap nmap-formatter]; + packages = with pkgs; [ + nmap + nmap-formatter + ]; activation.regenerateNmapScripts = with pkgs; '' ${getExe' nmap "nmap"} --script-updatedb 
@@ -33,27 +38,29 @@ in { systemd.user = { services.update-nmap-vulscan-lists = { Service = { - ExecStart = getExe (pkgs.writeShellApplication { - name = "update-nmap-vulscan-lists"; - runtimeInputs = [pkgs.curl]; - text = '' - declare -a vulscandbs=( - "cve" - "exploitdb" - "openvas" - "osvdb" - "scipvuldb" - "securityfocus" - "securitytracker" - "xforce" - ) - for i in "''${vulscandbs[@]}"; do - curl \ - -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \ - "https://www.computec.ch/projekte/vulscan/download/$i.csv" - done - ''; - }); + ExecStart = getExe ( + pkgs.writeShellApplication { + name = "update-nmap-vulscan-lists"; + runtimeInputs = [ pkgs.curl ]; + text = '' + declare -a vulscandbs=( + "cve" + "exploitdb" + "openvas" + "osvdb" + "scipvuldb" + "securityfocus" + "securitytracker" + "xforce" + ) + for i in "''${vulscandbs[@]}"; do + curl \ + -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \ + "https://www.computec.ch/projekte/vulscan/download/$i.csv" + done + ''; + } + ); }; }; @@ -65,7 +72,7 @@ in { Persistent = true; Unit = "update-nmap-vulscan-lists.service"; }; - Install.WantedBy = ["timers.target"]; + Install.WantedBy = [ "timers.target" ]; }; }; }; diff --git a/modules/common/openssh.nix b/modules/common/openssh.nix index ecaf4de..f60a1ef 100644 --- a/modules/common/openssh.nix +++ b/modules/common/openssh.nix @@ -4,11 +4,12 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.openssh; -in { - options.nixfiles.modules.openssh.client.enable = - mkEnableOption "OpenSSH client"; +in +{ + options.nixfiles.modules.openssh.client.enable = mkEnableOption "OpenSSH client"; config = mkIf cfg.client.enable { hm = { 
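Review bot: The `curl` call in `update-nmap-vulscan-lists` has no `--fail`, so a 404 or 5xx response body is written over the last good `$i.csv` and the unit still exits 0. These files are read by the vulscan NSE script, so a bad download silently degrades scan results. I would download to a temporary name and only replace the list on success, e.g. `curl --fail --silent --show-error --location -o "$dest.tmp" "https://www.computec.ch/projekte/vulscan/download/$i.csv" && mv "$dest.tmp" "$dest"` with `dest="${config.my.home}/.nmap/scripts/vulscan/$i.csv"` set at the top of the loop. Nothing visible here pins or verifies the downloaded content, so the lists are trusted on TLS alone; a short comment saying that is accepted would help. The enclosing `config = mkIf cfg.enable` block continues outside the hunk.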
@@ -29,26 +30,35 @@ in { serverAliveCountMax = 30; serverAliveInterval = 60; - matchBlocks = let - mkBlock = name: { - hostname ? name, - port ? 22022, # NOTE This is not the default OpenSSH port. - user ? my.username, - identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}", - extraAttrs ? {}, - }: - nameValuePair name ({inherit hostname port user identityFile;} - // extraAttrs); + matchBlocks = + let + mkBlock = + name: + { + hostname ? name, + port ? 22022, # NOTE This is not the default OpenSSH port. + user ? my.username, + identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}", + extraAttrs ? { }, + }: + nameValuePair name ( + { + inherit + hostname + port + user + identityFile + ; + } + // extraAttrs + ); - internalServers = - mapAttrs' mkBlock - (mapAttrs (name: _: { - hostname = "${name}.${my.domain.shire}"; - }) (filterAttrs (_: attr: - hasAttr "wireguard" attr - && attr.isHeadless) - my.configurations)); - in + internalServers = mapAttrs' mkBlock ( + mapAttrs (name: _: { hostname = "${name}.${my.domain.shire}"; }) ( + filterAttrs (_: attr: hasAttr "wireguard" attr && attr.isHeadless) my.configurations + ) + ); + in internalServers // (mapAttrs' mkBlock { gitolite = { diff --git a/modules/common/password-store.nix b/modules/common/password-store.nix index c9a71ce..e5cd756 100644 --- a/modules/common/password-store.nix +++ b/modules/common/password-store.nix 
@@ -4,26 +4,28 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.password-store; -in { - options.nixfiles.modules.password-store.enable = - mkEnableOption "the standard UNIX password manager"; +in +{ + options.nixfiles.modules.password-store.enable = mkEnableOption "the standard UNIX password manager"; config = mkIf cfg.enable { hm.programs = { password-store = { enable = true; - package = pkgs.pass.withExtensions (p: with p; [pass-otp]); + package = pkgs.pass.withExtensions (p: with p; [ pass-otp ]); settings.PASSWORD_STORE_DIR = "${config.my.home}/.password-store"; }; # HACK https://github.com/NixOS/nixpkgs/issues/183604 - bash.initExtra = let - completions = "${config.hm.programs.password-store.package}/share/bash-completion/completions"; - in + bash.initExtra = + let + completions = "${config.hm.programs.password-store.package}/share/bash-completion/completions"; + in mkAfter '' source ${completions}/pass-otp source ${completions}/pass diff --git a/modules/common/profiles/default.nix b/modules/common/profiles/default.nix index a17ff08..79ce39d 100644 --- a/modules/common/profiles/default.nix +++ b/modules/common/profiles/default.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.default; -in { +in +{ imports = [ ./dev ./email.nix diff --git a/modules/common/profiles/dev/containers.nix b/modules/common/profiles/dev/containers.nix index e90c88e..8f3bfc6 100644 --- a/modules/common/profiles/dev/containers.nix +++ b/modules/common/profiles/dev/containers.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.dev.containers; -in { +in +{ options.nixfiles.modules.profiles.dev.containers.enable = mkEnableOption "Tools for working with containers and container orchestration" // { diff --git a/modules/common/profiles/dev/default.nix b/modules/common/profiles/dev/default.nix index 52dc49f..6ac1fe6 100644 
--- a/modules/common/profiles/dev/default.nix +++ b/modules/common/profiles/dev/default.nix @@ -4,17 +4,18 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.dev; -in { +in +{ imports = [ ./containers.nix ./hidden.nix ./sql.nix ]; - options.nixfiles.modules.profiles.dev.enable = - mkEnableOption "Catch-all profile for stuff related to software development and etc."; + options.nixfiles.modules.profiles.dev.enable = mkEnableOption "Catch-all profile for stuff related to software development and etc."; config = mkIf cfg.enable { nixfiles.modules = { diff --git a/modules/common/profiles/dev/sql.nix b/modules/common/profiles/dev/sql.nix index 3e1c4b2..c2d4894 100644 --- a/modules/common/profiles/dev/sql.nix +++ b/modules/common/profiles/dev/sql.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.dev.sql; -in { +in +{ options.nixfiles.modules.profiles.dev.sql.enable = mkEnableOption "SQL stuff and database management tools" // { 
@@ -20,81 +22,84 @@ in { litecli ]; - xdg = let - mainSection = { - destructive_warning = "True"; - enable_pager = "True"; - keyword_casing = "auto"; - less_chatty = "True"; - log_file = "/dev/null"; - log_level = "CRITICAL"; - multi_line = "False"; - syntax_style = "default"; - table_format = "fancy_grid"; - }; + xdg = + let + mainSection = { + destructive_warning = "True"; + enable_pager = "True"; + keyword_casing = "auto"; + less_chatty = "True"; + log_file = "/dev/null"; + log_level = "CRITICAL"; + multi_line = "False"; + syntax_style = "default"; + table_format = "fancy_grid"; + }; - colorsSection = with config.colors.withHashtag; { - "arg-toolbar" = "noinherit bold"; - "arg-toolbar.text" = "nobold"; - "bottom-toolbar" = "bg:${base01} ${base06}"; - "bottom-toolbar.off" = "bg:${base01} ${base02}"; - "bottom-toolbar.on" = "bg:${base01} ${base07}"; - "bottom-toolbar.transaction.failed" = "bg:${base01} ${base08} bold"; - "bottom-toolbar.transaction.valid" = "bg:${base01} ${base0B} bold"; - "completion-menu.completion" = "bg:${base01} ${base06}"; - "completion-menu.completion.current" = "bg:${base06} ${base01}"; - "completion-menu.meta.completion" = "bg:${base01} ${base13}"; - "completion-menu.meta.completion.current" = "bg:${base09} ${base01}"; - "completion-menu.multi-column-meta" = "bg:${base09} ${base01}"; - "scrollbar" = "bg:${base01}"; - "scrollbar.arrow" = "bg:${base01}"; - "search" = "bg:${base17} ${base07}"; - "search-toolbar" = "noinherit bold"; - "search-toolbar.text" = "nobold"; - "search.current" = "bg:${base14} ${base07}"; - "selected" = "bg:${base0D} ${base07}"; - "system-toolbar" = "noinherit bold"; - }; + colorsSection = with config.colors.withHashtag; { + "arg-toolbar" = "noinherit bold"; + "arg-toolbar.text" = "nobold"; + "bottom-toolbar" = "bg:${base01} ${base06}"; + "bottom-toolbar.off" = "bg:${base01} ${base02}"; + "bottom-toolbar.on" = "bg:${base01} ${base07}"; + "bottom-toolbar.transaction.failed" = "bg:${base01} ${base08} bold"; + 
"bottom-toolbar.transaction.valid" = "bg:${base01} ${base0B} bold"; + "completion-menu.completion" = "bg:${base01} ${base06}"; + "completion-menu.completion.current" = "bg:${base06} ${base01}"; + "completion-menu.meta.completion" = "bg:${base01} ${base13}"; + "completion-menu.meta.completion.current" = "bg:${base09} ${base01}"; + "completion-menu.multi-column-meta" = "bg:${base09} ${base01}"; + "scrollbar" = "bg:${base01}"; + "scrollbar.arrow" = "bg:${base01}"; + "search" = "bg:${base17} ${base07}"; + "search-toolbar" = "noinherit bold"; + "search-toolbar.text" = "nobold"; + "search.current" = "bg:${base14} ${base07}"; + "selected" = "bg:${base0D} ${base07}"; + "system-toolbar" = "noinherit bold"; + }; - mkCliConfig = { - name, - custom, - }: { - "${name}/config" = { - text = generators.toINI {} { - main = mainSection // custom; - colors = mapAttrs (_: v: "'${v}'") colorsSection; + mkCliConfig = + { name, custom }: + { + "${name}/config" = { + text = generators.toINI { } { + main = mainSection // custom; + colors = mapAttrs (_: v: "'${v}'") colorsSection; + }; + }; }; - }; + in + { + configFile = mkMerge ( + map mkCliConfig [ + { + name = "pgcli"; + custom = { + prompt = "'\\u@\\h:\\d> '"; + multi_line_mode = "psql"; + on_error = "STOP"; + auto_expand = "True"; + expand = "True"; + keyring = "False"; + vi = "True"; + casing_file = "/dev/null"; + history_file = "/dev/null"; + }; + } + { + name = "litecli"; + custom = { + prompt = "'\\d> '"; + prompt_continuation = "'-> '"; + auto_vertical_output = "True"; + key_bindings = "vi"; + audit_log = "/dev/null"; + }; + } + ] + ); }; - in { - configFile = mkMerge (map mkCliConfig [ - { - name = "pgcli"; - custom = { - prompt = "'\\u@\\h:\\d> '"; - multi_line_mode = "psql"; - on_error = "STOP"; - auto_expand = "True"; - expand = "True"; - keyring = "False"; - vi = "True"; - casing_file = "/dev/null"; - history_file = "/dev/null"; - }; - } - { - name = "litecli"; - custom = { - prompt = "'\\d> '"; - prompt_continuation = "'-> 
'"; - auto_vertical_output = "True"; - key_bindings = "vi"; - audit_log = "/dev/null"; - }; - } - ]); - }; }; }; } diff --git a/modules/common/profiles/email.nix b/modules/common/profiles/email.nix index 3c809af..a525692 100644 --- a/modules/common/profiles/email.nix +++ b/modules/common/profiles/email.nix @@ -5,45 +5,51 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.email; -in { - options.nixfiles.modules.profiles.email.enable = - mkEnableOption "Local Email management" // {default = this.isHeadful;}; +in +{ + options.nixfiles.modules.profiles.email.enable = mkEnableOption "Local Email management" // { + default = this.isHeadful; + }; config = mkIf cfg.enable { hm = { accounts.email = { maildirBasePath = "${config.my.home}/doc/mail"; - accounts = let - mkAccount = attrs: - mkMerge [ - { - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - patterns = ["*"]; - }; - msmtp.enable = true; - mu.enable = true; - thunderbird = { - enable = hasSuffix "linux" this.system; - settings = id: { - "mail.identity.id_${id}.compose_html" = false; - "mail.identity.id_${id}.reply_on_top" = 0; + accounts = + let + mkAccount = + attrs: + mkMerge [ + { + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + patterns = [ "*" ]; }; - }; - } - attrs - ]; + msmtp.enable = true; + mu.enable = true; + thunderbird = { + enable = hasSuffix "linux" this.system; + settings = id: { + "mail.identity.id_${id}.compose_html" = false; + "mail.identity.id_${id}.reply_on_top" = 0; + }; + }; + } + attrs + ]; - getPassword = { - path, - line ? 0, - }: - assert (builtins.isInt line); + getPassword = + { + path, + line ? 0, + }: + assert (builtins.isInt line); concatStringsSep " " ( [ (getExe config.hm.programs.password-store.package) 
@@ -57,48 +63,54 @@ in { "'${toString line}!d'" ] ); - in { - shire = mkAccount rec { - address = my.email; - aliases = [address "frodo@rohan.net" "azahi@shire.net"]; - realName = my.fullname; - gpg = { - inherit (my.pgp) key; - signByDefault = true; - encryptByDefault = false; - }; + in + { + shire = mkAccount rec { + address = my.email; + aliases = [ + address + "frodo@rohan.net" + "azahi@shire.net" + ]; + realName = my.fullname; + gpg = { + inherit (my.pgp) key; + signByDefault = true; + encryptByDefault = false; + }; - primary = true; + primary = true; - imap = { - host = "shire.net"; - port = 993; - tls.enable = true; - }; - smtp = { - host = "shire.net"; - port = 465; - tls.enable = true; + imap = { + host = "shire.net"; + port = 993; + tls.enable = true; + }; + smtp = { + host = "shire.net"; + port = 465; + tls.enable = true; + }; + userName = "azahi@shire.net"; + passwordCommand = getPassword { path = "email/shire.net/azahi"; }; }; - userName = "azahi@shire.net"; - passwordCommand = getPassword { - path = "email/shire.net/azahi"; - }; - }; - yahoo = mkAccount rec { - address = "admin@yahoo.com"; - aliases = [address "admin@yahoo.com"]; - realName = "Firstname Lastname"; + yahoo = mkAccount rec { + address = "admin@yahoo.com"; + aliases = [ + address + "admin@yahoo.com" + ]; + realName = "Firstname Lastname"; - flavor = "yahoo.com"; - userName = "admin@yahoo.com"; - passwordCommand = getPassword { - path = "email/yahoo.com/admin"; - line = 2; + flavor = "yahoo.com"; + userName = "admin@yahoo.com"; + passwordCommand = getPassword { + path = "email/yahoo.com/admin"; + line = 2; + }; }; }; - }; }; programs = { diff --git a/modules/common/profiles/headful.nix b/modules/common/profiles/headful.nix index 1578ccc..cd29225 100644 --- a/modules/common/profiles/headful.nix +++ b/modules/common/profiles/headful.nix 
@@ -5,11 +5,14 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.headful; -in { - options.nixfiles.modules.profiles.headful.enable = - mkEnableOption "headful profile" // {default = this.isHeadful;}; +in +{ + options.nixfiles.modules.profiles.headful.enable = mkEnableOption "headful profile" // { + default = this.isHeadful; + }; config = mkIf cfg.enable { nixfiles.modules = { diff --git a/modules/common/profiles/headless.nix b/modules/common/profiles/headless.nix index cc7c326..1f8096c 100644 --- a/modules/common/profiles/headless.nix +++ b/modules/common/profiles/headless.nix @@ -5,19 +5,21 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.headless; -in { - options.nixfiles.modules.profiles.headless.enable = - mkEnableOption "headless profile" // {default = this.isHeadless;}; +in +{ + options.nixfiles.modules.profiles.headless.enable = mkEnableOption "headless profile" // { + default = this.isHeadless; + }; config = mkIf cfg.enable { hm.home.file = { ".hushlogin".text = ""; - ".bash_history".source = - config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; + ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; }; - environment.systemPackages = with pkgs; [alacritty.terminfo]; + environment.systemPackages = with pkgs; [ alacritty.terminfo ]; }; } diff --git a/modules/common/qutebrowser.nix b/modules/common/qutebrowser.nix index a3b82d3..8fdcf48 100644 --- a/modules/common/qutebrowser.nix +++ b/modules/common/qutebrowser.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.qutebrowser; -in { +in +{ options.nixfiles.modules.qutebrowser.enable = mkEnableOption "Qutebrowser"; config = mkIf cfg.enable { 
@@ -20,9 +22,11 @@ in { enable = true; keyBindings.normal = mkIf mpv.enable { - "z" = let - mpv = getExe config.hm.programs.mpv.package; - in "hint links spawn --detach ${mpv} {hint-url}"; + "z" = + let + mpv = getExe config.hm.programs.mpv.package; + in + "hint links spawn --detach ${mpv} {hint-url}"; }; searchEngines = rec { @@ -147,7 +151,11 @@ in { shrink = true; timestamp_format = "%y-%m-%d"; min_chars = 3; - open_categories = ["bookmarks" "quickmarks" "history"]; + open_categories = [ + "bookmarks" + "quickmarks" + "history" + ]; scrollbar = { width = 0; @@ -164,11 +172,7 @@ in { }; editor.command = [ - ( - if alacritty.enable - then getExe pkgs.alacritty - else getExe pkgs.xterm - ) + (if alacritty.enable then getExe pkgs.alacritty else getExe pkgs.xterm) "-e" (getExe' config.programs.vim.package "vim") "-f" @@ -192,7 +196,11 @@ in { smooth = false; }; - spellcheck.languages = ["en-US" "en-GB" "ru-RU"]; + spellcheck.languages = [ + "en-US" + "en-GB" + "ru-RU" + ]; statusbar.position = "bottom"; @@ -233,7 +241,7 @@ in { url = rec { default_page = "about:blank"; - start_pages = [default_page]; + start_pages = [ default_page ]; }; window = { 
@@ -248,76 +256,87 @@ in { }; extraConfig = - (let - mkPaddingDictionary = { - name, - bottom, - left, - right, - top, - }: let - n = "c.${name}.padding"; - b = "'bottom': ${toString bottom}"; - l = "'left': ${toString left}"; - r = "'right': ${toString right}"; - t = "'top': ${toString top}"; - in "${n} = {${b}, ${l}, ${r}, ${t}}"; - - final = map mkPaddingDictionary [ - { - name = "hints"; - bottom = 3; - left = 3; - right = 3; - top = 3; - } - { - name = "statusbar"; - bottom = 1; - left = 0; - right = 3; - top = 1; - } - { - name = "tabs"; - bottom = 1; - left = 6; - right = 6; - top = 1; - } - ]; - in - concatLines final + "\n") - + (let - allowSetting = setting: url: "config.set('content.${setting}', True, '${url}')"; - - allowMediaCaptureSetting = url: [ - (allowSetting "desktop_capture" url) - (allowSetting "media.audio_video_capture" url) - ]; - allowedMediaCapture = flatten (map allowMediaCaptureSetting [ - "https://discord.com" - "https://web.telegram.org" - ]); - - allowNotificationsSetting = allowSetting "notifications.enabled"; - allowedNotifications = map allowNotificationsSetting [ - "https://discord.com" - "https://web.telegram.org" - ]; + ( + let + mkPaddingDictionary = + { + name, + bottom, + left, + right, + top, + }: + let + n = "c.${name}.padding"; + b = "'bottom': ${toString bottom}"; + l = "'left': ${toString left}"; + r = "'right': ${toString right}"; + t = "'top': ${toString top}"; + in + "${n} = {${b}, ${l}, ${r}, ${t}}"; + + final = map mkPaddingDictionary [ + { + name = "hints"; + bottom = 3; + left = 3; + right = 3; + top = 3; + } + { + name = "statusbar"; + bottom = 1; + left = 0; + right = 3; + top = 1; + } + { + name = "tabs"; + bottom = 1; + left = 6; + right = 6; + top = 1; + } + ]; + in + concatLines final + "\n" + ) + + ( + let + allowSetting = setting: url: "config.set('content.${setting}', True, '${url}')"; + + allowMediaCaptureSetting = url: [ + (allowSetting "desktop_capture" url) + (allowSetting "media.audio_video_capture" 
url) + ]; + allowedMediaCapture = flatten ( + map allowMediaCaptureSetting [ + "https://discord.com" + "https://web.telegram.org" + ] + ); + + allowNotificationsSetting = allowSetting "notifications.enabled"; + allowedNotifications = map allowNotificationsSetting [ + "https://discord.com" + "https://web.telegram.org" + ]; - final = allowedMediaCapture ++ allowedNotifications; - in - concatLines final + "\n"); + final = allowedMediaCapture ++ allowedNotifications; + in + concatLines final + "\n" + ); }; - home.activation.installQutebrowserDictionaries = let - dictcli = "${pkgs.qutebrowser}/share/qutebrowser/scripts/dictcli.py"; - in '' - if [[ ! -d "''${XDG_DATA_HOME:-$HOME/.local/share}/qutebrowser/qtwebengine_dictionaries" ]]; then - ${dictcli} install en-US en-GB ru-RU - fi - ''; + home.activation.installQutebrowserDictionaries = + let + dictcli = "${pkgs.qutebrowser}/share/qutebrowser/scripts/dictcli.py"; + in + '' + if [[ ! -d "''${XDG_DATA_HOME:-$HOME/.local/share}/qutebrowser/qtwebengine_dictionaries" ]]; then + ${dictcli} install en-US en-GB ru-RU + fi + ''; }; }; } diff --git a/modules/common/subversion.nix b/modules/common/subversion.nix index 2bd5e42..9398592 100644 --- a/modules/common/subversion.nix +++ b/modules/common/subversion.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.subversion; -in { +in +{ options.nixfiles.modules.subversion.enable = mkEnableOption "Subversion"; config = mkIf cfg.enable { @@ -14,7 +16,7 @@ in { hm.home = { file = { - ".subversion/config".text = generators.toINI {} { + ".subversion/config".text = generators.toINI { } { auth = { password-stores = "gpg-agent"; ssl-client-cert-file-prompt = "no"; 
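Review bot: `allowSetting` hard-codes `True`, so `allowMediaCaptureSetting` grants `content.desktop_capture` and `content.media.audio_video_capture` to the two listed origins with no per-use prompt. Any script running on those origins can then start screen, camera or microphone capture silently. Both settings also accept `'ask'`, so the capture entries could emit `"config.set('content.${setting}', 'ask', '${url}')"` and leave the unconditional grant for `notifications.enabled` only. If prompt-free capture is intended, a comment above `allowedMediaCapture` such as `# Capture is pre-approved for these origins on purpose; no prompt is shown.` would record that. The enclosing `programs.qutebrowser` block starts outside this hunk.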
@@ -26,8 +28,9 @@ in { diff-cmd = getExe pkgs.colordiff; }; miscellany = { - global-ignores = with config.hm.programs.git; - optionalString (ignores != []) (concatStringsSep " " ignores); + global-ignores = + with config.hm.programs.git; + optionalString (ignores != [ ]) (concatStringsSep " " ignores); diff-ignore-content-type = "no"; }; working-copy = { @@ -37,7 +40,7 @@ in { }; }; - ".subversion/servers".text = generators.toINI {} { + ".subversion/servers".text = generators.toINI { } { global = { store-auth-creds = "yes"; store-passwords = "yes"; @@ -46,7 +49,7 @@ in { }; }; - packages = [(pkgs.subversionClient.override {saslSupport = true;})]; + packages = [ (pkgs.subversionClient.override { saslSupport = true; }) ]; }; }; } diff --git a/modules/common/tmux.nix b/modules/common/tmux.nix index e978f72..a754222 100644 --- a/modules/common/tmux.nix +++ b/modules/common/tmux.nix @@ -1,13 +1,10 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.tmux; -in { - options.nixfiles.modules.tmux.enable = - mkEnableOption "tmux"; +in +{ + options.nixfiles.modules.tmux.enable = mkEnableOption "tmux"; config = mkIf cfg.enable { hm.programs.tmux = { diff --git a/modules/common/vim/default.nix b/modules/common/vim/default.nix index e305cf1..93729bc 100644 --- a/modules/common/vim/default.nix +++ b/modules/common/vim/default.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.vim; -in { +in +{ options.nixfiles.modules.vim = { enable = mkEnableOption "Vim"; @@ -35,7 +37,7 @@ in { hm.stylix.targets.vim.enable = false; environment = with config.programs.vim; { - systemPackages = [package]; + systemPackages = [ package ]; variables = rec { EDITOR = mkOverride 15 (getExe' package "vim"); VISUAL = EDITOR; diff --git a/modules/common/vscode.nix b/modules/common/vscode.nix index 8901113..bd840d8 100644 --- a/modules/common/vscode.nix +++ b/modules/common/vscode.nix 
@@ -5,15 +5,22 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.vscode; -in { +in +{ options.nixfiles.modules.vscode = { enable = mkEnableOption "VSCode"; - package = with pkgs; + package = + with pkgs; mkOption { - type = types.enum [vscodium vscode vscode-fhs]; + type = types.enum [ + vscodium + vscode + vscode-fhs + ]; default = vscodium; description = "Which package to use as a VSCode implementation."; }; 
@@ -29,203 +36,209 @@ in { hm = { stylix.targets.vscode.enable = false; - programs.vscode = with config.nixfiles; - with modules; - with profiles; { - enable = true; - - inherit (cfg) package; - - extensions = with pkgs.open-vsx; - [ - editorconfig.editorconfig - efoerster.texlab - github.vscode-pull-request-github - gitlab.gitlab-workflow - golang.go - graphql.vscode-graphql - graphql.vscode-graphql-execution - graphql.vscode-graphql-syntax - hashicorp.hcl - hashicorp.terraform - haskell.haskell - jnoortheen.nix-ide - kahole.magit - mads-hartmann.bash-ide-vscode - mkhl.direnv - ms-kubernetes-tools.vscode-kubernetes-tools - ms-python.python - redhat.ansible - redhat.vscode-xml - redhat.vscode-yaml - rust-lang.rust - signageos.signageos-vscode-sops - skellock.just - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-british-english - streetsidesoftware.code-spell-checker-russian - streetsidesoftware.code-spell-checker-scientific-terms - tamasfe.even-better-toml - task.vscode-task - vscode-org-mode.org-mode - ziglang.vscode-zig - ] - ++ optional cfg.vim.enable vscodevim.vim; - - userSettings = { - editor = { - codeLens = false; - cursorStyle = "block"; - detectIndentation = true; - minimap.enabled = false; - renderWhitespace = "trailing"; - rulers = [80 120]; - smoothScrolling = false; - tabCompletion = "on"; - cursorSurroundingLines = 10; - scrollBeyondLastColumn = 10; - }; + programs.vscode = + with config.nixfiles; + with modules; + with profiles; + { + enable = true; + + inherit (cfg) package; + + extensions = + with pkgs.open-vsx; + [ + editorconfig.editorconfig + efoerster.texlab + github.vscode-pull-request-github + gitlab.gitlab-workflow + golang.go + graphql.vscode-graphql + graphql.vscode-graphql-execution + graphql.vscode-graphql-syntax + hashicorp.hcl + hashicorp.terraform + haskell.haskell + jnoortheen.nix-ide + kahole.magit + mads-hartmann.bash-ide-vscode + mkhl.direnv + ms-kubernetes-tools.vscode-kubernetes-tools + 
ms-python.python + redhat.ansible + redhat.vscode-xml + redhat.vscode-yaml + rust-lang.rust + signageos.signageos-vscode-sops + skellock.just + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-british-english + streetsidesoftware.code-spell-checker-russian + streetsidesoftware.code-spell-checker-scientific-terms + tamasfe.even-better-toml + task.vscode-task + vscode-org-mode.org-mode + ziglang.vscode-zig + ] + ++ optional cfg.vim.enable vscodevim.vim; + + userSettings = { + editor = { + codeLens = false; + cursorStyle = "block"; + detectIndentation = true; + minimap.enabled = false; + renderWhitespace = "trailing"; + rulers = [ + 80 + 120 + ]; + smoothScrolling = false; + tabCompletion = "on"; + cursorSurroundingLines = 10; + scrollBeyondLastColumn = 10; + }; - keyboard.dispatch = "keyCode"; + keyboard.dispatch = "keyCode"; - diffEditor.codeLens = false; + diffEditor.codeLens = false; - files = { - autoSave = "off"; - enableTrash = false; - }; + files = { + autoSave = "off"; + enableTrash = false; + }; - workbench = { - activityBar.location = "hidden"; - colorTheme = "Default Light Modern"; - editor.highlightModifiedTabs = true; - enableExperiments = false; - settings.enableNaturalLanguageSearch = false; - startupEditor = "none"; - tips.enabled = false; - tree.indent = 4; - welcomePage = { - walkthroughs.openOnInstall = false; - preferReducedMotion = true; + workbench = { + activityBar.location = "hidden"; + colorTheme = "Default Light Modern"; + editor.highlightModifiedTabs = true; + enableExperiments = false; + settings.enableNaturalLanguageSearch = false; + startupEditor = "none"; + tips.enabled = false; + tree.indent = 4; + welcomePage = { + walkthroughs.openOnInstall = false; + preferReducedMotion = true; + }; }; - }; - extensions = { - autoCheckUpdates = false; - autoUpdate = false; - ignoreRecommendations = true; - }; + extensions = { + autoCheckUpdates = false; + autoUpdate = false; + ignoreRecommendations = true; + }; - 
terminal.integrated = { - enableBell = true; - }; + terminal.integrated = { + enableBell = true; + }; - update = { - mode = "none"; - showReleaseNotes = false; - }; + update = { + mode = "none"; + showReleaseNotes = false; + }; - telemetry = { - enableCrashReporter = false; - enableTelemetry = false; - }; + telemetry = { + enableCrashReporter = false; + enableTelemetry = false; + }; - security.workspace.trust.enabled = false; + security.workspace.trust.enabled = false; - # Extensions. + # Extensions. - ansible = { ansible = { - useFullyQualifiedCollectionNames = true; - reuseTerminal = true; + ansible = { + useFullyQualifiedCollectionNames = true; + reuseTerminal = true; + }; + validation.lint.path = getExe' pkgs.ansible-lint "ansible-lint"; }; - validation.lint.path = getExe' pkgs.ansible-lint "ansible-lint"; - }; - bashIde.shellcheckPath = getExe' pkgs.shellcheck "shellcheck"; + bashIde.shellcheckPath = getExe' pkgs.shellcheck "shellcheck"; - cSpell.language = "en-GB,en,ru"; + cSpell.language = "en-GB,en,ru"; - direnv = { - restart.automatic = true; - }; + direnv = { + restart.automatic = true; + }; - magit = { - forge-enabled = true; - git-path = getExe config.hm.programs.git.package; - }; + magit = { + forge-enabled = true; + git-path = getExe config.hm.programs.git.package; + }; - git.openRepositoryInParentFolders = "always"; + git.openRepositoryInParentFolders = "always"; - github = { - branchProtection = true; - gitProtocol = "ssh"; - }; + github = { + branchProtection = true; + gitProtocol = "ssh"; + }; - terraform = { - languageServer.path = getExe' pkgs.terraform-ls "terraform-ls"; - languageServer.terraform.path = getExe pkgs.opentofu; - }; + terraform = { + languageServer.path = getExe' pkgs.terraform-ls "terraform-ls"; + languageServer.terraform.path = getExe pkgs.opentofu; + }; - haskell = { - formattingProvider = "ormolu"; - serverExecutablePath = getExe' pkgs.haskell-language-server "haskell-language-server"; - }; + haskell = { + formattingProvider 
= "ormolu"; + serverExecutablePath = getExe' pkgs.haskell-language-server "haskell-language-server"; + }; - nix = { - enableLanguageServer = true; - serverPath = getExe pkgs.nil; - }; + nix = { + enableLanguageServer = true; + serverPath = getExe pkgs.nil; + }; - python = with pkgs.python311Packages; { - experiments.optOutFrom = ["All"]; - pipenvPath = getExe' pkgs.pipenv "pipenv"; - poetryPath = getExe' pkgs.poetry "poetry"; - formatting = { - provider = "black"; - autopep8Path = getExe' autopep8 "autopep8"; - blackPath = getExe' black "black"; - yapfPath = getExe' yapf "yapf"; - }; - linting = { - enabled = true; - banditPath = getExe' bandit "bandit"; - flake8Path = getExe' flake8 "flake8"; - mypyPath = getExe' mypy "mypy"; - pycodestylePath = getExe' pycodestyle "pycodestyle"; - pydocstylePath = getExe' pydocstyle "pydocstyle"; - pylamaPath = getExe' pylama "pylama"; - pylintPath = getExe' pylint "pylint"; - }; - testing = { - pytestPath = getExe' pytest "pytest"; + python = with pkgs.python311Packages; { + experiments.optOutFrom = [ "All" ]; + pipenvPath = getExe' pkgs.pipenv "pipenv"; + poetryPath = getExe' pkgs.poetry "poetry"; + formatting = { + provider = "black"; + autopep8Path = getExe' autopep8 "autopep8"; + blackPath = getExe' black "black"; + yapfPath = getExe' yapf "yapf"; + }; + linting = { + enabled = true; + banditPath = getExe' bandit "bandit"; + flake8Path = getExe' flake8 "flake8"; + mypyPath = getExe' mypy "mypy"; + pycodestylePath = getExe' pycodestyle "pycodestyle"; + pydocstylePath = getExe' pydocstyle "pydocstyle"; + pylamaPath = getExe' pylama "pylama"; + pylintPath = getExe' pylint "pylint"; + }; + testing = { + pytestPath = getExe' pytest "pytest"; + }; }; - }; - rust-client = { - disableRustup = true; - rustupPath = getExe' pkgs.rustup "rustup"; - rustfmt_path = getExe pkgs.rustfmt; - }; + rust-client = { + disableRustup = true; + rustupPath = getExe' pkgs.rustup "rustup"; + rustfmt_path = getExe pkgs.rustfmt; + }; - vim = mkIf 
cfg.vim.enable { - easymotion = true; + vim = mkIf cfg.vim.enable { + easymotion = true; - leader = " "; + leader = " "; - useSystemClipboard = true; - }; + useSystemClipboard = true; + }; - zig.zls = { - checkForUpdate = false; - path = getExe' pkgs.zls "zls"; - }; + zig.zls = { + checkForUpdate = false; + path = getExe' pkgs.zls "zls"; + }; - redhat.telemetry.enabled = false; + redhat.telemetry.enabled = false; + }; }; - }; }; - nixpkgs.overlays = [inputs.vscode-extensions.overlays.default]; + nixpkgs.overlays = [ inputs.vscode-extensions.overlays.default ]; }; } diff --git a/modules/common/wget.nix b/modules/common/wget.nix index 1cd8eae..0e8ee64 100644 --- a/modules/common/wget.nix +++ b/modules/common/wget.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.wget; -in { +in +{ options.nixfiles.modules.wget.enable = mkEnableOption "wget"; config = mkIf cfg.enable { @@ -30,6 +32,6 @@ in { ''; }; - environment.systemPackages = with pkgs; [wget]; + environment.systemPackages = with pkgs; [ wget ]; }; } diff --git a/modules/common/zathura.nix b/modules/common/zathura.nix index b13d2a6..bc92258 100644 --- a/modules/common/zathura.nix +++ b/modules/common/zathura.nix @@ -1,13 +1,10 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.zathura; -in { - options.nixfiles.modules.zathura.enable = - mkEnableOption "Zathura PDF reader"; +in +{ + options.nixfiles.modules.zathura.enable = mkEnableOption "Zathura PDF reader"; config = mkIf cfg.enable { hm.programs.zathura = { diff --git a/modules/darwin/common/home-manager.nix b/modules/darwin/common/home-manager.nix index 4fc6cbe..487c64b 100644 --- a/modules/darwin/common/home-manager.nix +++ b/modules/darwin/common/home-manager.nix @@ -1,3 +1,4 @@ -{inputs, ...}: { - imports = [inputs.home-manager.darwinModule]; +{ inputs, ... }: +{ + imports = [ inputs.home-manager.darwinModule ]; } 
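Review bot: `security.workspace.trust.enabled = false;` in the re-indented `userSettings` block of vscode.nix switches off VS Code's Workspace Trust, so any folder that is opened gets tasks, debug configurations and workspace-level settings applied without the Restricted Mode prompt. The same block sets `git.openRepositoryInParentFolders = "always"`, which also widens what an opened folder can pull in. I would drop the line (trust is enabled by default) or set `security.workspace.trust.enabled = true;`. If it has to stay off, record the reason next to it, e.g. `# Workspace Trust off on purpose: only my own repositories are opened here`. The re-indentation itself does not change behaviour.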
diff --git a/modules/darwin/common/locale.nix b/modules/darwin/common/locale.nix index 1ecf6fe..19770a3 100644 --- a/modules/darwin/common/locale.nix +++ b/modules/darwin/common/locale.nix @@ -1,7 +1,8 @@ -{lib, ...}: -with lib; { +{ lib, ... }: +with lib; +{ environment.variables.LANG = "en_GB.UTF-8"; # TODO https://daiderd.com/nix-darwin/manual/index.html#opt-system.keyboard.enableKeyMapping - system.keyboard = {}; + system.keyboard = { }; } diff --git a/modules/darwin/common/networking.nix b/modules/darwin/common/networking.nix index 2843bc4..eae7c2f 100644 --- a/modules/darwin/common/networking.nix +++ b/modules/darwin/common/networking.nix @@ -2,7 +2,8 @@ localHostname ? this.hostname, this, ... -}: { +}: +{ networking = { computerName = localHostname; hostName = localHostname; diff --git a/modules/darwin/common/nix.nix b/modules/darwin/common/nix.nix index 10aeb03..63b0d90 100644 --- a/modules/darwin/common/nix.nix +++ b/modules/darwin/common/nix.nix @@ -1,9 +1,6 @@ +{ lib, this, ... }: +with lib; { - lib, - this, - ... -}: -with lib; { nix = { daemonIOLowPriority = false; daemonProcessType = "Standard"; diff --git a/modules/darwin/common/secrets.nix b/modules/darwin/common/secrets.nix index 0656ae8..681c5c2 100644 --- a/modules/darwin/common/secrets.nix +++ b/modules/darwin/common/secrets.nix @@ -1,3 +1,4 @@ -{inputs, ...}: { - imports = [inputs.agenix.darwinModules.default]; +{ inputs, ... }: +{ + imports = [ inputs.agenix.darwinModules.default ]; } diff --git a/modules/darwin/common/shell.nix b/modules/darwin/common/shell.nix index 5985f50..2139f2f 100644 --- a/modules/darwin/common/shell.nix +++ b/modules/darwin/common/shell.nix @@ -1,3 +1,4 @@ -{pkgs, ...}: { - environment.shells = with pkgs; [bashInteractive]; +{ pkgs, ... }: +{ + environment.shells = with pkgs; [ bashInteractive ]; } diff --git a/modules/darwin/common/stylix.nix b/modules/darwin/common/stylix.nix index cfeed05..8712172 100644 --- a/modules/darwin/common/stylix.nix 
+++ b/modules/darwin/common/stylix.nix @@ -4,8 +4,9 @@ lib, ... }: -with lib; { - imports = [inputs.stylix.darwinModules.stylix]; +with lib; +{ + imports = [ inputs.stylix.darwinModules.stylix ]; fonts.fonts = mkAfter config.nixfiles.modules.common.stylix.fonts.extraPackages; } diff --git a/modules/darwin/common/users.nix b/modules/darwin/common/users.nix index 957e50c..9043f51 100644 --- a/modules/darwin/common/users.nix +++ b/modules/darwin/common/users.nix @@ -3,7 +3,8 @@ localUsername ? lib.my.username, ... }: -with lib; { +with lib; +{ # The only MacOS machine I'm currently using has a pre-configured domain user # account that I have to login as. I may accidentally break something if I # change options here so this section is left practically untouched. diff --git a/modules/darwin/common/xdg.nix b/modules/darwin/common/xdg.nix index 9e798ad..526dc0b 100644 --- a/modules/darwin/common/xdg.nix +++ b/modules/darwin/common/xdg.nix @@ -1,12 +1,11 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.common.xdg; -in { - hm.home.sessionVariables = with cfg; +in +{ + hm.home.sessionVariables = + with cfg; { XDG_CACHE_HOME = cacheHome; XDG_CONFIG_HOME = configHome; diff --git a/modules/darwin/gnupg.nix b/modules/darwin/gnupg.nix index 073d3b1..d8b1cf1 100644 --- a/modules/darwin/gnupg.nix +++ b/modules/darwin/gnupg.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.gnupg; -in { +in +{ config = mkIf cfg.enable { programs.gnupg.agent = { enable = true; diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix index 643787a..41a2c6c 100644 --- a/modules/darwin/homebrew.nix +++ b/modules/darwin/homebrew.nix 
@@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.homebrew; -in { +in +{ options.nixfiles.modules.homebrew.enable = mkEnableOption "Homebrew"; config = mkIf cfg.enable { diff --git a/modules/darwin/profiles/default.nix b/modules/darwin/profiles/default.nix index c18f2bb..9a3353f 100644 --- a/modules/darwin/profiles/default.nix +++ b/modules/darwin/profiles/default.nix @@ -4,21 +4,21 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.default; -in { - imports = [ - ./headful.nix - ]; +in +{ + imports = [ ./headful.nix ]; config = mkIf cfg.enable { - hm.home.packages = with pkgs; [m-cli]; + hm.home.packages = with pkgs; [ m-cli ]; system = { defaults = { - CustomUserPreferences = {}; + CustomUserPreferences = { }; - ActivityMonitor = {}; + ActivityMonitor = { }; NSGlobalDomain = { AppleEnableMouseSwipeNavigateWithScrolls = true; diff --git a/modules/darwin/profiles/headful.nix b/modules/darwin/profiles/headful.nix index 826e45a..023386b 100644 --- a/modules/darwin/profiles/headful.nix +++ b/modules/darwin/profiles/headful.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.headful; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules.homebrew.enable = true; @@ -23,9 +25,9 @@ in { ]; homebrew.casks = [ - {name = "firefox";} - {name = "iterm2";} - {name = "telegram-desktop";} + { name = "firefox"; } + { name = "iterm2"; } + { name = "telegram-desktop"; } ]; }; } diff --git a/modules/darwin/vim/default.nix b/modules/darwin/vim/default.nix index e0a6898..4c3f7e1 100644 --- a/modules/darwin/vim/default.nix +++ b/modules/darwin/vim/default.nix 
@@ -4,28 +4,35 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.vim; -in { +in +{ config = mkIf cfg.enable { programs.vim.package = - (pkgs.macvim.overrideAttrs (_: _: { - # Too much of a hassle to selectively override this. Let's just - # explicitly override everything. - configureFlags = [ - "--disable-luainterp" - "--disable-python3interp" - "--disable-sparkle" - "--enable-gui=macvim" - "--with-compiledby=Nix" - "--with-features=huge" - "--with-tlib=ncurses" - "--without-local-dir" - ]; - })) - .configure (with cfg; { - customRC = rc; - packages.myVimPackage.start = plugins; - }); + (pkgs.macvim.overrideAttrs ( + _: _: { + # Too much of a hassle to selectively override this. Let's just + # explicitly override everything. + configureFlags = [ + "--disable-luainterp" + "--disable-python3interp" + "--disable-sparkle" + "--enable-gui=macvim" + "--with-compiledby=Nix" + "--with-features=huge" + "--with-tlib=ncurses" + "--without-local-dir" + ]; + } + )).configure + ( + with cfg; + { + customRC = rc; + packages.myVimPackage.start = plugins; + } + ); }; } diff --git a/modules/nixos/acme.nix b/modules/nixos/acme.nix index 49be684..6a75818 100644 --- a/modules/nixos/acme.nix +++ b/modules/nixos/acme.nix @@ -1,13 +1,15 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.acme; -in { +in +{ imports = [ - (mkAliasOptionModule ["certs"] ["security" "acme" "certs"]) + (mkAliasOptionModule [ "certs" ] [ + "security" + "acme" + "certs" + ]) ]; options.nixfiles.modules.acme = { @@ -21,7 +23,7 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/acme"]; + ark.directories = [ "/var/lib/acme" ]; security.acme = { acceptTerms = true; diff --git a/modules/nixos/alertmanager.nix b/modules/nixos/alertmanager.nix index 4d7f2ec..a3457bc 100644 --- a/modules/nixos/alertmanager.nix +++ b/modules/nixos/alertmanager.nix 
@@ -5,10 +5,12 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.alertmanager; -in { - imports = [inputs.alertmanager-ntfy.nixosModules.default]; +in +{ + imports = [ inputs.alertmanager-ntfy.nixosModules.default ]; options.nixfiles.modules.alertmanager = { enable = mkEnableOption "Alertmanager"; @@ -31,7 +33,7 @@ in { ntfy.enable = true; nginx = { enable = true; - upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://alertmanager"; extraConfig = libNginx.config.internalOnly; @@ -59,16 +61,14 @@ in { route = { receiver = my.username; - group_by = ["alertname"]; + group_by = [ "alertname" ]; }; receivers = [ { name = my.username; webhook_configs = [ - { - url = with config.services.alertmanager-ntfy; "http://${httpAddress}:${httpPort}"; - } + { url = with config.services.alertmanager-ntfy; "http://${httpAddress}:${httpPort}"; } ]; } ]; diff --git a/modules/nixos/android.nix b/modules/nixos/android.nix index 41b7ef9..363bd6c 100644 --- a/modules/nixos/android.nix +++ b/modules/nixos/android.nix @@ -1,16 +1,14 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.android; -in { +in +{ options.nixfiles.modules.android.enable = mkEnableOption "support for Android devices"; config = mkIf cfg.enable { programs.adb.enable = true; - my.extraGroups = ["adbusers"]; + my.extraGroups = [ "adbusers" ]; }; } diff --git a/modules/nixos/beets.nix b/modules/nixos/beets.nix index f01e412..732f400 100644 --- a/modules/nixos/beets.nix +++ b/modules/nixos/beets.nix 
@@ -4,99 +4,102 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.beets; -in { - options.nixfiles.modules.beets.enable = - mkEnableOption "beets"; +in +{ + options.nixfiles.modules.beets.enable = mkEnableOption "beets"; config = mkIf cfg.enable { - hm = let - beetsdir = "${config.dirs.data}/beets"; - in { - home = { - activation.initialiseBeets = '' - if [[ ! -d "${beetsdir}" ]]; then - mkdir -p ${beetsdir} - fi - ''; + hm = + let + beetsdir = "${config.dirs.data}/beets"; + in + { + home = { + activation.initialiseBeets = '' + if [[ ! -d "${beetsdir}" ]]; then + mkdir -p ${beetsdir} + fi + ''; - sessionVariables.BEETSDIR = beetsdir; - }; + sessionVariables.BEETSDIR = beetsdir; + }; - programs = { - beets = { - enable = true; + programs = { + beets = { + enable = true; - package = pkgs.beets-unstable; + package = pkgs.beets-unstable; - settings = { - library = "${beetsdir}/library.db"; - directory = config.userDirs.music; - plugins = concatStringsSep " " [ - "badfiles" - "edit" - "fetchart" - "info" - "mbsync" - "mpdupdate" - "scrub" - "zero" - ]; - original_date = true; - import = { - write = true; - copy = true; - move = false; - bell = true; - from_scratch = true; - }; - match = { - preferred = { - countries = [ - "JP" - "KR" - "TW" - "HK" - "CN" - "RU" - "NL" - "DE" - "AT" - "GB|UK" - "CA" - "AU" - "NZ" - "US" - ]; - original_year = true; + settings = { + library = "${beetsdir}/library.db"; + directory = config.userDirs.music; + plugins = concatStringsSep " " [ + "badfiles" + "edit" + "fetchart" + "info" + "mbsync" + "mpdupdate" + "scrub" + "zero" + ]; + original_date = true; + import = { + write = true; + copy = true; + move = false; + bell = true; + from_scratch = true; + }; + match = { + preferred = { + countries = [ + "JP" + "KR" + "TW" + "HK" + "CN" + "RU" + "NL" + "DE" + "AT" + "GB|UK" + "CA" + "AU" + "NZ" + "US" + ]; + original_year = true; + }; + }; + edit = { + albumfields = "album artist albumartist"; + itemfields = "track 
title album artist albumartist day month year genre"; + }; + fetchart = { + auto = true; + cautious = true; + cover_names = "cover Cover folder Folder art Art album Album front Front"; + sources = "filesystem coverart itunes amazon albumart wikipedia"; + high_resolution = true; + }; + scrub.auto = true; + zero = { + fields = "comments genre"; + update_database = true; + }; + mpd = { + host = "127.0.0.1"; + port = 6600; }; - }; - edit = { - albumfields = "album artist albumartist"; - itemfields = "track title album artist albumartist day month year genre"; - }; - fetchart = { - auto = true; - cautious = true; - cover_names = "cover Cover folder Folder art Art album Album front Front"; - sources = "filesystem coverart itunes amazon albumart wikipedia"; - high_resolution = true; - }; - scrub.auto = true; - zero = { - fields = "comments genre"; - update_database = true; - }; - mpd = { - host = "127.0.0.1"; - port = 6600; }; }; - }; - bash.shellAliases.beet = "beet --config ${config.dirs.config}/beets/config.yaml"; + bash.shellAliases.beet = "beet --config ${config.dirs.config}/beets/config.yaml"; + }; }; - }; }; } diff --git a/modules/nixos/bluetooth.nix b/modules/nixos/bluetooth.nix index 26d081d..117aff7 100644 --- a/modules/nixos/bluetooth.nix +++ b/modules/nixos/bluetooth.nix @@ -1,16 +1,13 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.bluetooth; -in { - options.nixfiles.modules.bluetooth.enable = - mkEnableOption "Bluetooth support"; +in +{ + options.nixfiles.modules.bluetooth.enable = mkEnableOption "Bluetooth support"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/bluetooth"]; + ark.directories = [ "/var/lib/bluetooth" ]; hardware.bluetooth = { enable = true; diff --git a/modules/nixos/chromium.nix b/modules/nixos/chromium.nix index 3b87b4c..c7842d5 100644 --- a/modules/nixos/chromium.nix +++ b/modules/nixos/chromium.nix 
@@ -4,14 +4,16 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.chromium; -in { +in +{ options.nixfiles.modules.chromium.enable = mkEnableOption "Chromium"; config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [profile-cleaner]; + home.packages = with pkgs; [ profile-cleaner ]; programs.chromium = { enable = true; @@ -19,7 +21,7 @@ in { package = pkgs.ungoogled-chromium; extensions = [ - {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} # uBlock Origin + { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin ]; }; }; diff --git a/modules/nixos/clickhouse.nix b/modules/nixos/clickhouse.nix index 4fae683..12dc7fa 100644 --- a/modules/nixos/clickhouse.nix +++ b/modules/nixos/clickhouse.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.clickhouse; -in { +in +{ options.nixfiles.modules.clickhouse = { enable = mkEnableOption "Clickhouse"; }; diff --git a/modules/nixos/common/ark.nix b/modules/nixos/common/ark.nix index 3a12050..6c7148f 100644 --- a/modules/nixos/common/ark.nix +++ b/modules/nixos/common/ark.nix 
@@ -4,34 +4,42 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.ark; -in { +in +{ imports = [ - (mkAliasOptionModule ["ark"] ["nixfiles" "modules" "ark"]) + (mkAliasOptionModule [ "ark" ] [ + "nixfiles" + "modules" + "ark" + ]) inputs.impermanence.nixosModules.impermanence ]; - options.nixfiles.modules.ark = let - mkListOfAnythingOption = mkOption { - type = with types; listOf anything; # Assumed to be matching with the upstream type. - default = []; - }; - in { - enable = mkEnableOption "persistent storage support via impermanence"; + options.nixfiles.modules.ark = + let + mkListOfAnythingOption = mkOption { + type = with types; listOf anything; # Assumed to be matching with the upstream type. + default = [ ]; + }; + in + { + enable = mkEnableOption "persistent storage support via impermanence"; - path = mkOption { - type = types.str; - default = "/ark"; - }; + path = mkOption { + type = types.str; + default = "/ark"; + }; - directories = mkListOfAnythingOption; - files = mkListOfAnythingOption; - # hm = { - # directories = mkListOfAnythingOption; - # files = mkListOfAnythingOption; - # }; - }; + directories = mkListOfAnythingOption; + files = mkListOfAnythingOption; + # hm = { + # directories = mkListOfAnythingOption; + # files = mkListOfAnythingOption; + # }; + }; config = mkIf cfg.enable { environment.persistence.${cfg.path} = { diff --git a/modules/nixos/common/console.nix b/modules/nixos/common/console.nix index 3491e37..330310c 100644 --- a/modules/nixos/common/console.nix +++ b/modules/nixos/common/console.nix @@ -1,8 +1,5 @@ +{ config, pkgs, ... }: { - config, - pkgs, - ... -}: { stylix.targets.console.enable = false; console = { diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix index cb66818..f7d1585 100644 --- a/modules/nixos/common/documentation.nix +++ b/modules/nixos/common/documentation.nix 
@@ -5,7 +5,8 @@ this, ... }: -with lib; { +with lib; +{ config = mkIf this.isHeadful { documentation = { dev.enable = true; @@ -14,13 +15,12 @@ with lib; { man.man-db.manualPages = (pkgs.buildEnv { name = "man-paths"; - paths = with config; - environment.systemPackages ++ hm.home.packages; - pathsToLink = ["/share/man"]; - extraOutputsToInstall = ["man"]; + paths = with config; environment.systemPackages ++ hm.home.packages; + pathsToLink = [ "/share/man" ]; + extraOutputsToInstall = [ "man" ]; ignoreCollisions = true; - }) - .overrideAttrs (_: _: {__contentAddressed = true;}); + }).overrideAttrs + (_: _: { __contentAddressed = true; }); }; environment.sessionVariables = { diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 52f2fd3..c553a65 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -1,3 +1,4 @@ -{inputs, ...}: { - imports = [inputs.home-manager.nixosModule]; +{ inputs, ... }: +{ + imports = [ inputs.home-manager.nixosModule ]; } diff --git a/modules/nixos/common/kernel.nix b/modules/nixos/common/kernel.nix index 2fc40f9..5c45b5d 100644 --- a/modules/nixos/common/kernel.nix +++ b/modules/nixos/common/kernel.nix @@ -1,11 +1,12 @@ -{lib, ...}: -with lib; { +{ lib, ... }: +with lib; +{ boot = { # I don't use it even on laptops. It's also /required/ to disable it for # ZFS[1]. # [1]: https://github.com/openzfs/zfs/issues/260 # [1]: https://github.com/openzfs/zfs/issues/12842 - kernelParams = ["hibernate=no"]; + kernelParams = [ "hibernate=no" ]; kernel.sysctl = { "fs.file-max" = pow 2 17; diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix index 76186bc..699f89b 100644 --- a/modules/nixos/common/locale.nix +++ b/modules/nixos/common/locale.nix @@ -1,9 +1,6 @@ +{ lib, pkgs, ... }: +with lib; { - lib, - pkgs, - ... -}: -with lib; { i18n = { defaultLocale = mkDefault "en_GB.UTF-8"; supportedLocales = [ 
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix index fb7d9b2..ecadf6e 100644 --- a/modules/nixos/common/networking.nix +++ b/modules/nixos/common/networking.nix @@ -5,14 +5,16 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.common.networking; -in { - options.nixfiles.modules.common.networking.onlyDefault = - mkEnableOption "custom networking settings"; +in +{ + options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings"; config = mkIf (!cfg.onlyDefault) { - ark.directories = with config.networking; + ark.directories = + with config.networking; optional networkmanager.enable "/etc/NetworkManager/system-connections" ++ optional wireless.iwd.enable "/var/lib/iwd"; @@ -27,8 +29,8 @@ in { # Remove default hostname mappings. This is required at least by the # current implementation of the monitoring module. hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; + "127.0.0.2" = mkForce [ ]; + "::1" = mkForce [ ]; }; nameservers = mkDefault dns.const.quad9.default; 
@@ -52,33 +54,35 @@ in { logReversePathDrops = false; }; } - (let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in + ( + let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { usePredictableInterfaceNames = false; # NOTE This can break something! interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; + ipv4.addresses = + with this.ipv4; + optional (isString address && isInt prefixLength) { inherit address prefixLength; }; + + ipv6.addresses = + with this.ipv6; + optional (isString address && isInt prefixLength) { inherit address prefixLength; }; }; - defaultGateway = with this.ipv4; + defaultGateway = + with this.ipv4; mkIf (isString gatewayAddress) { inherit interface; address = gatewayAddress; }; - defaultGateway6 = with this.ipv6; + defaultGateway6 = + with this.ipv6; mkIf (isString gatewayAddress) { inherit interface; address = gatewayAddress; }; - }) + } + ) (mkIf this.isHeadful { interfaces = { eth0.useDHCP = mkDefault true; @@ -100,12 +104,8 @@ in { ]; environment = { - shellAliases = listToAttrs (map - ({ - name, - value, - }: - nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + shellAliases = listToAttrs ( + map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [ { name = "bridge"; value = "bridge -color=always"; @@ -118,7 +118,8 @@ in { name = "tc"; value = "tc -color=always"; } - ]); + ] + ); systemPackages = with pkgs; [ ethtool diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix index 2976cfc..146575d 100644 --- a/modules/nixos/common/nix.nix +++ b/modules/nixos/common/nix.nix 
@@ -4,13 +4,15 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.common.nix; -in { +in +{ options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { description = "A list of allowed unfree packages."; type = with types; listOf str; - default = []; + default = [ ]; }; config = { @@ -22,13 +24,12 @@ in { nixpkgs.config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; - system.stateVersion = with builtins; - head (split "\n" (readFile "${inputs.nixpkgs}/.version")); + system.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version")); environment = { sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; localBinInPath = true; - defaultPackages = []; + defaultPackages = [ ]; }; }; } diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix index 9a82c44..31787ac 100644 --- a/modules/nixos/common/secrets.nix +++ b/modules/nixos/common/secrets.nix @@ -1,3 +1,4 @@ -{inputs, ...}: { - imports = [inputs.agenix.nixosModules.default]; +{ inputs, ... }: +{ + imports = [ inputs.agenix.nixosModules.default ]; } diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix index 5fbc441..a1a7f08 100644 --- a/modules/nixos/common/shell.nix +++ b/modules/nixos/common/shell.nix @@ -1,3 +1 @@ -_: { - programs.command-not-found.enable = false; -} +_: { programs.command-not-found.enable = false; } diff --git a/modules/nixos/common/stylix.nix b/modules/nixos/common/stylix.nix index 5ca5571..a89943a 100644 --- a/modules/nixos/common/stylix.nix +++ b/modules/nixos/common/stylix.nix @@ -5,8 +5,9 @@ pkgs, ... }: -with lib; { - imports = [inputs.stylix.nixosModules.stylix]; +with lib; +{ + imports = [ inputs.stylix.nixosModules.stylix ]; stylix.cursor = { name = "phinger-cursors"; diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix index 3972670..b393d9f 100644 --- a/modules/nixos/common/systemd.nix +++ b/modules/nixos/common/systemd.nix 
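Review bot: `system.stateVersion = with builtins; head (split "\n" (readFile "${inputs.nixpkgs}/.version"));` in the second nix.nix hunk makes the state version follow whichever nixpkgs input is pinned, so it changes on every release bump. NixOS modules use this value to choose on-disk formats and defaults for stateful services, and it is meant to stay at the release the host was first installed with. I would pin it per host, e.g. `system.stateVersion = "<release-at-install>";` (placeholder value). If tracking nixpkgs is intentional, add a comment saying so and naming the stateful services that were checked.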
@@ -1,14 +1,11 @@ +{ config, pkgs, ... }: { - config, - pkgs, - ... -}: { ark = { - files = ["/etc/machine-id"]; - directories = ["/var/lib/systemd/coredump"]; + files = [ "/etc/machine-id" ]; + directories = [ "/var/lib/systemd/coredump" ]; }; - my.extraGroups = ["systemd-journal"]; + my.extraGroups = [ "systemd-journal" ]; hm.systemd.user.startServices = "sd-switch"; @@ -24,15 +21,19 @@ SystemMaxUse=5G ''; - systemd = let - extraConfig = '' - DefaultTimeoutStartSec=30s - DefaultTimeoutStopSec=15s - ''; - in { - inherit extraConfig; - user = {inherit extraConfig;}; - }; + systemd = + let + extraConfig = '' + DefaultTimeoutStartSec=30s + DefaultTimeoutStopSec=15s + ''; + in + { + inherit extraConfig; + user = { + inherit extraConfig; + }; + }; environment.sessionVariables = { SYSTEMD_PAGERSECURE = "1"; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 367af41..eca9e1b 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix @@ -1,8 +1,10 @@ -{lib, ...}: -with lib; let +{ lib, ... }: +with lib; +let home = "/home/${my.username}"; -in { - ark.directories = [home]; +in +{ + ark.directories = [ home ]; users = { mutableUsers = false; @@ -16,8 +18,8 @@ in { description = my.fullname; inherit home; inherit (my) hashedPassword; - openssh.authorizedKeys.keys = [my.ssh.key]; - extraGroups = ["wheel"]; + openssh.authorizedKeys.keys = [ my.ssh.key ]; + extraGroups = [ "wheel" ]; }; }; }; diff --git a/modules/nixos/common/xdg.nix b/modules/nixos/common/xdg.nix index 668996f..1fe167e 100644 --- a/modules/nixos/common/xdg.nix +++ b/modules/nixos/common/xdg.nix 
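Review bot: In the second users.nix hunk (`@@ -16,8 +18,8 @@`), the context line `inherit (my) hashedPassword;` takes the account's password hash from `lib.my`, which makes it an ordinary Nix value. Such values end up in the world-readable Nix store, and in version control too if `my` is defined in this repository (not visible here), so the hash is open to offline guessing. With `mutableUsers = false` and the account in `wheel`, this hash presumably guards privileged access. Since secrets.nix already imports agenix, consider `hashedPasswordFile = config.age.secrets.<user-password>.path;`, where the secret name is a placeholder. The enclosing `users` block starts and ends outside the hunk.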
@@ -4,19 +4,19 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.common.xdg; -in { +in +{ options.nixfiles.modules.common.xdg.defaultApplications = mkOption { description = "Default applications."; type = with types; attrsOf (listOf str); - default = {}; + default = { }; }; config = { - xdg.portal = mkIf this.isHeadful { - enable = true; - }; + xdg.portal = mkIf this.isHeadful { enable = true; }; hm.xdg = mkMerge [ (with cfg; { @@ -31,11 +31,9 @@ in { (mkIf this.isHeadful { mimeApps = { enable = true; - defaultApplications = - mkMerge - (mapAttrsToList - (n: v: genAttrs v (_: ["${n}.desktop"])) - cfg.defaultApplications); + defaultApplications = mkMerge ( + mapAttrsToList (n: v: genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications + ); }; }) ]; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 1a42517..1d5e905 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -15,12 +15,14 @@ _: { ./endlessh.nix ./fail2ban.nix ./firefox + ./foot.nix ./games ./git ./gnupg.nix ./gotify.nix ./grafana.nix ./hydra.nix + ./incus.nix ./ipfs.nix ./jackett.nix ./k3s.nix @@ -28,7 +30,6 @@ _: { ./libvirtd.nix ./lidarr.nix ./loki.nix - ./incus.nix ./matrix ./monitoring ./mpd.nix diff --git a/modules/nixos/docker.nix b/modules/nixos/docker.nix index 0795386..62dc095 100644 --- a/modules/nixos/docker.nix +++ b/modules/nixos/docker.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.docker; -in { +in +{ options.nixfiles.modules.docker.enable = mkEnableOption "Docker"; config = mkIf cfg.enable { @@ -29,8 +31,8 @@ in { virtualisation.docker.enable = true; - environment.systemPackages = with pkgs; [docker-compose]; + environment.systemPackages = with pkgs; [ docker-compose ]; - my.extraGroups = ["docker"]; + my.extraGroups = [ "docker" ]; }; } diff --git a/modules/nixos/dwm.nix b/modules/nixos/dwm.nix index a32ed29..912be0c 100644 --- a/modules/nixos/dwm.nix 
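Review bot: In the docker.nix hunk `@@ -29,8 +31,8 @@`, `my.extraGroups = [ "docker" ];` carries no comment on what the group grants. It presumably adds the primary user to the `docker` group, and access to the Docker socket is root-equivalent on the host without any password prompt. I would document that on the line, e.g. `# NOTE: docker group == passwordless root on this host`. If the module is meant for workstations, `virtualisation.docker.rootless.enable = true;` would avoid the group entirely. The `config = mkIf cfg.enable { … }` block begins outside the hunk.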
+++ b/modules/nixos/dwm.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.dwm; -in { +in +{ options.nixfiles.modules.dwm.enable = mkEnableOption "dwm"; config = mkIf cfg.enable { 
@@ -15,134 +17,137 @@ in { hm.xsession = { enable = true; - windowManager.command = let - pkg = pkgs.dwm.override { - conf = let - font = with config.stylix.fonts; "${monospace.name}:size=${toString sizes.terminal}"; - in '' - static const unsigned int borderpx = 1; - static const unsigned int snap = 32; - static const int showbar = 1; - static const int topbar = 1; + windowManager.command = + let + pkg = pkgs.dwm.override { + conf = + let + font = with config.stylix.fonts; "${monospace.name}:size=${toString sizes.terminal}"; + in + '' + static const unsigned int borderpx = 1; + static const unsigned int snap = 32; + static const int showbar = 1; + static const int topbar = 1; - static const char *fonts[] = { - "${font}" - }; + static const char *fonts[] = { + "${font}" + }; - static const char *colors[][3] = { - [SchemeNorm] = { - "${config.color.base06}", - "${config.color.base01}", - "${config.color.base01}", - }, - [SchemeSel] = { - "${config.color.base01}", - "${config.color.base06}", - "${config.color.base06}", - }, - }; + static const char *colors[][3] = { + [SchemeNorm] = { + "${config.color.base06}", + "${config.color.base01}", + "${config.color.base01}", + }, + [SchemeSel] = { + "${config.color.base01}", + "${config.color.base06}", + "${config.color.base06}", + }, + }; - static const char *tags[] = { - "1", - "2", - "3", - "4", - "5", - "6", - "7", - "8", - "9" - }; + static const char *tags[] = { + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9" + }; - static const Rule rules[] = { - { "Emacs", NULL, NULL, 1 << 0, 0, -1 }, - }; + static const Rule rules[] = { + { "Emacs", NULL, NULL, 1 << 0, 0, -1 }, + }; - static const float mfact = 0.666; - static const int nmaster = 1; - static const int resizehints = 0; - static const int lockfullscreen = 1; + static const float mfact = 0.666; + static const int nmaster = 1; + static const int resizehints = 0; + static const int lockfullscreen = 1; - static const Layout layouts[] = { - { "[]=", tile }, - 
{ "><>", NULL }, - { "[M]", monocle }, - }; + static const Layout layouts[] = { + { "[]=", tile }, + { "><>", NULL }, + { "[M]", monocle }, + }; - #define MODKEY Mod4Mask - #define TAGKEYS(KEY,TAG) \ - { MODKEY, KEY, view, { .ui = 1 << TAG } }, \ - { MODKEY|ControlMask, KEY, toggleview, { .ui = 1 << TAG } }, \ - { MODKEY|ShiftMask, KEY, tag, { .ui = 1 << TAG } }, \ - { MODKEY|ControlMask|ShiftMask, KEY, toggletag, { .ui = 1 << TAG } }, + #define MODKEY Mod4Mask + #define TAGKEYS(KEY,TAG) \ + { MODKEY, KEY, view, { .ui = 1 << TAG } }, \ + { MODKEY|ControlMask, KEY, toggleview, { .ui = 1 << TAG } }, \ + { MODKEY|ShiftMask, KEY, tag, { .ui = 1 << TAG } }, \ + { MODKEY|ControlMask|ShiftMask, KEY, toggletag, { .ui = 1 << TAG } }, - static char dmenumon[2] = "0"; - static const char *dmenucmd[] = { - "${pkgs.dmenu}/bin/dmenu_run", - "-m", dmenumon, - "-fn", "${font}", - "-nb", "${config.color.base01}", - "-nf", "${config.color.base06}", - "-sb", "${config.color.base06}", - "-sf", "${config.color.base01}", - NULL, - }; - static const char *termcmd[] = { - "${getExe pkgs.alacritty}", - NULL, - }; + static char dmenumon[2] = "0"; + static const char *dmenucmd[] = { + "${pkgs.dmenu}/bin/dmenu_run", + "-m", dmenumon, + "-fn", "${font}", + "-nb", "${config.color.base01}", + "-nf", "${config.color.base06}", + "-sb", "${config.color.base06}", + "-sf", "${config.color.base01}", + NULL, + }; + static const char *termcmd[] = { + "${getExe pkgs.alacritty}", + NULL, + }; - static const Key keys[] = { - { MODKEY, XK_x, spawn, {.v = dmenucmd} }, - { MODKEY, XK_Return, spawn, {.v = termcmd} }, - { MODKEY, XK_b, togglebar, {0} }, - { MODKEY, XK_j, focusstack, {.i = +1} }, - { MODKEY, XK_k, focusstack, {.i = -1} }, - { MODKEY|ShiftMask, XK_k, incnmaster, {.i = +1} }, - { MODKEY|ShiftMask, XK_j, incnmaster, {.i = -1} }, - { MODKEY, XK_comma, setmfact, {.f = -0.05} }, - { MODKEY, XK_period, setmfact, {.f = +0.05} }, - { MODKEY, XK_p, zoom, {0} }, - { MODKEY, XK_Tab, view, {0} }, - { MODKEY, 
XK_d, killclient, {0} }, - { MODKEY, XK_t, setlayout, {.v = &layouts[0]} }, - { MODKEY, XK_m, setlayout, {.v = &layouts[1]} }, - { MODKEY, XK_f, setlayout, {.v = &layouts[2]} }, - { MODKEY, XK_o, togglefloating, {0} }, - { MODKEY, XK_0, view, {.ui = ~0} }, - { MODKEY|ShiftMask, XK_0, tag, {.ui = ~0} }, - { MODKEY, XK_h, focusmon, {.i = -1} }, - { MODKEY, XK_l, focusmon, {.i = +1} }, - { MODKEY|ShiftMask, XK_h, tagmon, {.i = -1} }, - { MODKEY|ShiftMask, XK_l, tagmon, {.i = +1} }, - TAGKEYS( XK_1, 0) - TAGKEYS( XK_2, 1) - TAGKEYS( XK_3, 2) - TAGKEYS( XK_4, 3) - TAGKEYS( XK_5, 4) - TAGKEYS( XK_6, 5) - TAGKEYS( XK_7, 6) - TAGKEYS( XK_8, 7) - TAGKEYS( XK_9, 8) - { MODKEY|ShiftMask, XK_q, quit, {0} }, - }; + static const Key keys[] = { + { MODKEY, XK_x, spawn, {.v = dmenucmd} }, + { MODKEY, XK_Return, spawn, {.v = termcmd} }, + { MODKEY, XK_b, togglebar, {0} }, + { MODKEY, XK_j, focusstack, {.i = +1} }, + { MODKEY, XK_k, focusstack, {.i = -1} }, + { MODKEY|ShiftMask, XK_k, incnmaster, {.i = +1} }, + { MODKEY|ShiftMask, XK_j, incnmaster, {.i = -1} }, + { MODKEY, XK_comma, setmfact, {.f = -0.05} }, + { MODKEY, XK_period, setmfact, {.f = +0.05} }, + { MODKEY, XK_p, zoom, {0} }, + { MODKEY, XK_Tab, view, {0} }, + { MODKEY, XK_d, killclient, {0} }, + { MODKEY, XK_t, setlayout, {.v = &layouts[0]} }, + { MODKEY, XK_m, setlayout, {.v = &layouts[1]} }, + { MODKEY, XK_f, setlayout, {.v = &layouts[2]} }, + { MODKEY, XK_o, togglefloating, {0} }, + { MODKEY, XK_0, view, {.ui = ~0} }, + { MODKEY|ShiftMask, XK_0, tag, {.ui = ~0} }, + { MODKEY, XK_h, focusmon, {.i = -1} }, + { MODKEY, XK_l, focusmon, {.i = +1} }, + { MODKEY|ShiftMask, XK_h, tagmon, {.i = -1} }, + { MODKEY|ShiftMask, XK_l, tagmon, {.i = +1} }, + TAGKEYS( XK_1, 0) + TAGKEYS( XK_2, 1) + TAGKEYS( XK_3, 2) + TAGKEYS( XK_4, 3) + TAGKEYS( XK_5, 4) + TAGKEYS( XK_6, 5) + TAGKEYS( XK_7, 6) + TAGKEYS( XK_8, 7) + TAGKEYS( XK_9, 8) + { MODKEY|ShiftMask, XK_q, quit, {0} }, + }; - static const Button buttons[] = { - { ClkLtSymbol, 0, 
Button1, setlayout, {0} }, - { ClkLtSymbol, 0, Button3, setlayout, {.v = &layouts[2]} }, - { ClkWinTitle, 0, Button2, zoom, {0} }, - { ClkStatusText, 0, Button2, spawn, {.v = termcmd} }, - { ClkClientWin, MODKEY, Button1, movemouse, {0} }, - { ClkClientWin, MODKEY, Button2, togglefloating, {0} }, - { ClkClientWin, MODKEY, Button3, resizemouse, {0} }, - { ClkTagBar, 0, Button1, view, {0} }, - { ClkTagBar, 0, Button3, toggleview, {0} }, - { ClkTagBar, MODKEY, Button1, tag, {0} }, - { ClkTagBar, MODKEY, Button3, toggletag, {0} }, - }; - ''; - }; - in + static const Button buttons[] = { + { ClkLtSymbol, 0, Button1, setlayout, {0} }, + { ClkLtSymbol, 0, Button3, setlayout, {.v = &layouts[2]} }, + { ClkWinTitle, 0, Button2, zoom, {0} }, + { ClkStatusText, 0, Button2, spawn, {.v = termcmd} }, + { ClkClientWin, MODKEY, Button1, movemouse, {0} }, + { ClkClientWin, MODKEY, Button2, togglefloating, {0} }, + { ClkClientWin, MODKEY, Button3, resizemouse, {0} }, + { ClkTagBar, 0, Button1, view, {0} }, + { ClkTagBar, 0, Button3, toggleview, {0} }, + { ClkTagBar, MODKEY, Button1, tag, {0} }, + { ClkTagBar, MODKEY, Button3, toggletag, {0} }, + }; + ''; + }; + in getExe' pkg "dwm"; }; @@ -151,7 +156,14 @@ in { # package = pkgs.dwm-status.override { # enableAlsaUtils = false; # }; - order = ["audio" "backlight" "battery" "cpu_load" "network" "time"]; + order = [ + "audio" + "backlight" + "battery" + "cpu_load" + "network" + "time" + ]; }; services.xserver.displayManager.startx.enable = true; diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix index 7d2112b..8a59c9b 100644 --- a/modules/nixos/emacs.nix +++ b/modules/nixos/emacs.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.emacs; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications.emacs = [ "application/atom+xml" 
diff --git a/modules/nixos/endlessh-go.nix b/modules/nixos/endlessh-go.nix index 435305d..efaaa8f 100644 --- a/modules/nixos/endlessh-go.nix +++ b/modules/nixos/endlessh-go.nix @@ -4,14 +4,17 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.endlessh-go; -in { +in +{ options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; - config = let - port = 22; - in + config = + let + port = 22; + in mkIf cfg.enable { services.endlessh-go = { enable = true; @@ -22,9 +25,12 @@ in { listenAddress = this.wireguard.ipv4.address; port = 9229; }; - extraOptions = ["-geoip_supplier=ip-api" "-v=1"]; + extraOptions = [ + "-geoip_supplier=ip-api" + "-v=1" + ]; }; - networking.firewall.allowedTCPPorts = [port]; + networking.firewall.allowedTCPPorts = [ port ]; }; } diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix index caf9a38..f1bf0bc 100644 --- a/modules/nixos/endlessh.nix +++ b/modules/nixos/endlessh.nix @@ -1,16 +1,15 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.endlessh; -in { +in +{ options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh"; - config = let - port = 22; - in + config = + let + port = 22; + in mkIf cfg.enable { ark.directories = [ "/var/lib/gotify-server" @@ -20,9 +19,12 @@ in { services.endlessh = { enable = true; inherit port; - extraOptions = ["-v" "-4"]; + extraOptions = [ + "-v" + "-4" + ]; }; - networking.firewall.allowedTCPPorts = [port]; + networking.firewall.allowedTCPPorts = [ port ]; }; } diff --git a/modules/nixos/fail2ban.nix b/modules/nixos/fail2ban.nix index ce35c1f..a0cc2b4 100644 --- a/modules/nixos/fail2ban.nix +++ b/modules/nixos/fail2ban.nix 
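Review bot: In the second endlessh-go.nix hunk (`@@ -22,9 +25,12 @@`), `"-geoip_supplier=ip-api"` sends the address of every client that reaches the tarpit on port 22 to an external lookup service, and nothing in the module says so. That is an outbound dependency and a data flow that a reader of `extraOptions` would not expect. I would add a comment above the list, e.g. `# geoip via ip-api: each connecting IP is sent to a third party; use max-mind-db for offline lookups`. Alternatively, switch the supplier to `max-mind-db` or `off` if the geohash labels are not needed in the metrics. The `services.endlessh-go` block starts outside this hunk.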
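Review bot: In modules/nixos/endlessh.nix (`@@ -1,16 +1,15 @@`), the context line `ark.directories = [ "/var/lib/gotify-server"` looks like a leftover copied from the gotify module, since nothing else visible in this module refers to gotify. If `ark` persists the listed paths, as its use for `/var/lib/fail2ban` in fail2ban.nix suggests, every host that enables only the tarpit also keeps another service's state directory. The list continues outside the hunk, so the remaining entries are not visible here. If the entry is unintended, drop it; otherwise explain it with a comment such as `# shared with gotify.nix because …`.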
@@ -4,14 +4,15 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.fail2ban; -in { - options.nixfiles.modules.fail2ban.enable = - mkEnableOption "fail2ban"; +in +{ + options.nixfiles.modules.fail2ban.enable = mkEnableOption "fail2ban"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/fail2ban"]; + ark.directories = [ "/var/lib/fail2ban" ]; services.fail2ban = { enable = true; @@ -22,9 +23,13 @@ in { rndtime = "8m"; }; - ignoreIP = - optionals (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; [ipv4.subnet ipv6.subnet]); + ignoreIP = optionals (hasAttr "wireguard" this) ( + with config.nixfiles.modules.wireguard; + [ + ipv4.subnet + ipv6.subnet + ] + ); jails.DEFAULT.settings.blocktype = "DROP"; }; diff --git a/modules/nixos/firefox/addons.nix b/modules/nixos/firefox/addons.nix index bd14bb5..28235d4 100644 --- a/modules/nixos/firefox/addons.nix +++ b/modules/nixos/firefox/addons.nix @@ -1,7 +1,5 @@ +{ buildFirefoxXpiAddon, lib }: { - buildFirefoxXpiAddon, - lib, -}: { "bitwarden" = buildFirefoxXpiAddon { pname = "bitwarden"; version = "2024.2.1"; @@ -33,10 +31,10 @@ }; "bypass-paywalls" = buildFirefoxXpiAddon { pname = "bypass-paywalls"; - version = "3.5.9.0"; + version = "3.6.0.0"; addonId = "magnolia_limited_permissions_d@12.34"; - url = "https://addons.mozilla.org/firefox/downloads/file/4248144/bypass_paywalls_clean_d-3.5.9.0.xpi"; - sha256 = "938da8dcfa0e3ff012b40cf54a270ca73b03183387ef9330bf8b7771dbf10a5c"; + url = "https://addons.mozilla.org/firefox/downloads/file/4251818/bypass_paywalls_clean_d-3.6.0.0.xpi"; + sha256 = "30a57df51a241838dca9360a12801ea82f2deaf76a6b63f1279235e2f5f3c939"; meta = with lib; { homepage = "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean"; description = "Bypass Paywalls"; 
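Review bot: In the second fail2ban.nix hunk (`@@ -22,9 +23,13 @@`), `ignoreIP` exempts the whole `ipv4.subnet` and `ipv6.subnet` of the WireGuard network, so failed logins from any peer on the VPN are never banned. That is a trust decision worth stating next to the option, e.g. `# Trust assumption: every WireGuard peer is exempt from bans`. If not all peers are equally trusted, list only the admin peers' addresses instead. Separately, the guard tests `hasAttr "wireguard" this` while the values are read from `config.nixfiles.modules.wireguard`; a one-line comment on why the two always agree would help. The `services.fail2ban` block opens outside this hunk.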
@@ -173,6 +171,7 @@ "*://*.courant.com/*" "*://*.courier-journal.com/*" "*://*.couriermail.com.au/*" + "*://*.courrierinternational.com/*" "*://*.crainscleveland.com/*" "*://*.crainsdetroit.com/*" "*://*.crainsnewyork.com/*" @@ -290,6 +289,7 @@ "*://*.ftm.nl/*" "*://*.gazetadopovo.com.br/*" "*://*.gazzetta.it/*" + "*://*.gbnews.com/*" "*://*.geelongadvertiser.com.au/*" "*://*.gelderlander.nl/*" "*://*.genomeweb.com/*" @@ -423,6 +423,7 @@ "*://*.lehighvalleylive.com/*" "*://*.lejdd.fr/*" "*://*.lemagit.fr/*" + "*://*.lemoniteur.fr/*" "*://*.lenouveleconomiste.fr/*" "*://*.lenouvelliste.ch/*" "*://*.leparisien.fr/*" @@ -526,6 +527,7 @@ "*://*.nytimes.com/*" "*://*.nzherald.co.nz/*" "*://*.nzz.ch/*" + "*://*.observador.pt/*" "*://*.ocbj.com/*" "*://*.ocregister.com/*" "*://*.oklahoman.com/*" @@ -560,6 +562,7 @@ "*://*.popularmechanics.com/*" "*://*.post-gazette.com/*" "*://*.pourlascience.fr/*" + "*://*.pourleco.com/*" "*://*.precisionmedicineonline.com/*" "*://*.pressenterprise.com/*" "*://*.prevention.com/*" @@ -864,16 +867,21 @@ homepage = "https://consentomatic.au.dk/"; description = "Automatic handling of GDPR consent forms"; license = licenses.mit; - mozPermissions = ["activeTab" "tabs" "storage" "<all_urls>"]; + mozPermissions = [ + "activeTab" + "tabs" + "storage" + "<all_urls>" + ]; platforms = platforms.all; }; }; "darkreader" = buildFirefoxXpiAddon { pname = "darkreader"; - version = "4.9.78"; + version = "4.9.80"; addonId = "addon@darkreader.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4243182/darkreader-4.9.78.xpi"; - sha256 = "21e08b3f26e9b54257d30f6b2fb2d966d41ace54d2d79ccec55e55517084c7ce"; + url = "https://addons.mozilla.org/firefox/downloads/file/4249607/darkreader-4.9.80.xpi"; + sha256 = "a93f1250b72cc27fe4a9b02be062c68fb079e45a1233d562852b48e1e9b99307"; meta = with lib; { homepage = "https://darkreader.org/"; description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing."; 
@@ -939,10 +947,10 @@ }; "languagetool" = buildFirefoxXpiAddon { pname = "languagetool"; - version = "8.3.0"; + version = "8.6.0"; addonId = "languagetool-webextension@languagetool.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4199245/languagetool-8.3.0.xpi"; - sha256 = "e357424e3df9dde4ba10eb9f8f3719ac4830681570557f4d51db15a462cd7667"; + url = "https://addons.mozilla.org/firefox/downloads/file/4249956/languagetool-8.6.0.xpi"; + sha256 = "d9db9aac9fdd53eb39179c153161762cd9e9eb1f6d7da8e8b8a32238b4847094"; meta = with lib; { homepage = "https://languagetool.org"; description = "With this extension you can check text with the free style and grammar checker LanguageTool. It finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word."; @@ -970,7 +978,11 @@ homepage = "https://github.com/MorbZ/no-pdf-download"; description = "Opens all PDF files directly in the browser."; license = licenses.mit; - mozPermissions = ["webRequest" "webRequestBlocking" "<all_urls>"]; + mozPermissions = [ + "webRequest" + "webRequestBlocking" + "<all_urls>" + ]; platforms = platforms.all; }; }; diff --git a/modules/nixos/firefox/default.nix b/modules/nixos/firefox/default.nix index 6d1b31b..881e9ad 100644 --- a/modules/nixos/firefox/default.nix +++ b/modules/nixos/firefox/default.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.firefox; -in { +in +{ options.nixfiles.modules.firefox.enable = mkEnableOption "Firefox"; config = mkIf cfg.enable { @@ -18,13 +20,13 @@ in { ]; hm = { - imports = [inputs.arkenfox.hmModules.arkenfox]; + imports = [ inputs.arkenfox.hmModules.arkenfox ]; - home.packages = with pkgs; [profile-cleaner]; + home.packages = with pkgs; [ profile-cleaner ]; stylix.targets.firefox = { enable = true; - profileNames = ["default"]; + profileNames = [ "default" ]; }; programs.firefox = { 
@@ -34,37 +36,40 @@ in { arkenfox.enable = true; - profiles.default = let - mkCssWithRoot = css: - mkMerge [ - # https://github.com/tinted-theming/base24/blob/master/styling.md - (with config.colors.withHashtag; '' - :root { - --black: ${base01}; - --red: ${base08}; - --green: ${base0B}; - --yellow: ${base09}; - --blue: ${base0D}; - --magenta: ${base0E}; - --cyan: ${base0C}; - --white: ${base06}; - --bright-black: ${base02}; - --bright-red: ${base12}; - --bright-green: ${base14}; - --bright-yellow: ${base13}; - --bright-blue: ${base16}; - --bright-magenta: ${base17}; - --bright-cyan: ${base15}; - --bright-white: ${base07}; - --background: ${base00}; - --foreground: ${base05}; - '') - ( - let - mapFonts = concatMapStringsSep ", " (font: ''"${font}"''); - size = toString config.stylix.fonts.sizes.applications; - in - with config.fonts.fontconfig.defaultFonts; '' + profiles.default = + let + mkCssWithRoot = + css: + mkMerge [ + # https://github.com/tinted-theming/base24/blob/master/styling.md + (with config.colors.withHashtag; '' + :root { + --black: ${base01}; + --red: ${base08}; + --green: ${base0B}; + --yellow: ${base09}; + --blue: ${base0D}; + --magenta: ${base0E}; + --cyan: ${base0C}; + --white: ${base06}; + --bright-black: ${base02}; + --bright-red: ${base12}; + --bright-green: ${base14}; + --bright-yellow: ${base13}; + --bright-blue: ${base16}; + --bright-magenta: ${base17}; + --bright-cyan: ${base15}; + --bright-white: ${base07}; + --background: ${base00}; + --foreground: ${base05}; + '') + ( + let + mapFonts = concatMapStringsSep ", " (font: ''"${font}"''); + size = toString config.stylix.fonts.sizes.applications; + in + with config.fonts.fontconfig.defaultFonts; + '' --serif-font-family: ${mapFonts serif}, serif; --serif-font-size: ${size}; --sans-serif-font-family: ${mapFonts sansSerif}, sans-serif; 
@@ -73,50 +78,54 @@ in { --monospace-font-size: ${size}; } '' - ) - (builtins.readFile css) - ]; - in { - id = 0; - - isDefault = true; - - userChrome = mkCssWithRoot ./userChrome.css; - - userContent = mkCssWithRoot ./userContent.css; - - extensions = let - # This was done using the incredible addon generator[1]. All credit - # goes to Robert Helgesson. - # - # [1]: https://sr.ht/~rycee/mozilla-addons-to-nix/ - buildFirefoxXpiAddon = makeOverridable ({ - stdenv ? pkgs.stdenv, - fetchurl ? pkgs.fetchurl, - pname, - version, - addonId, - url, - sha256, - meta, - ... - }: - stdenv.mkDerivation { - name = "${pname}-${version}"; - inherit meta; - src = fetchurl {inherit url sha256;}; - preferLocalBuild = true; - allowSubstitutes = true; - buildCommand = '' - dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" - mkdir -p "$dst" - install -v -m644 "$src" "$dst/${addonId}.xpi" - ''; - }); - - addons = import ./addons.nix {inherit buildFirefoxXpiAddon lib;}; + ) + (builtins.readFile css) + ]; in - with addons; + { + id = 0; + + isDefault = true; + + userChrome = mkCssWithRoot ./userChrome.css; + + userContent = mkCssWithRoot ./userContent.css; + + extensions = + let + # This was done using the incredible addon generator[1]. All credit + # goes to Robert Helgesson. + # + # [1]: https://sr.ht/~rycee/mozilla-addons-to-nix/ + buildFirefoxXpiAddon = makeOverridable ( + { + stdenv ? pkgs.stdenv, + fetchurl ? pkgs.fetchurl, + pname, + version, + addonId, + url, + sha256, + meta, + ... + }: + stdenv.mkDerivation { + name = "${pname}-${version}"; + inherit meta; + src = fetchurl { inherit url sha256; }; + preferLocalBuild = true; + allowSubstitutes = true; + buildCommand = '' + dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" + mkdir -p "$dst" + install -v -m644 "$src" "$dst/${addonId}.xpi" + ''; + } + ); + + addons = import ./addons.nix { inherit buildFirefoxXpiAddon lib; }; + in + with addons; [ bypass-paywalls consent-o-matic 
@@ -133,483 +142,434 @@ in { ] ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; - search = { - force = true; - - default = "DuckDuckGo"; - order = ["DuckDuckGo" "Yahoo" "Google"]; - - engines = let - getIcon = url: sha256: pkgs.fetchurl {inherit url sha256;}; - in { - "Amazon.com".metaData.hidden = true; - "Bing".metaData.hidden = true; - "Ebay".metaData.hidden = true; - - "2GIS" = { - urls = [{template = "https://2gis.ru/kazan/search/{searchTerms}";}]; - icon = - getIcon - "https://d-assets.2gis.ru/favicon.png" - "sha256-BlSaYRcUx9zhfJnVK5V7rsyft4qaueIEOONiCg+6aLE="; - definedAliases = ["@2gis"]; - }; - - "AliExpress" = { - urls = [{template = "https://aliexpress.ru/wholesale?SearchText={searchTerms}";}]; - icon = - getIcon - "https://ae01.alicdn.com/images/eng/wholesale/icon/aliexpress.ico" - "sha256-7xgem2pY2PNuv8as1YnS+U03GvDLLGjhcDLt69rtmaA="; - definedAliases = ["@aliexpress" "@ali"]; - }; - - "Ansible Galaxy" = { - urls = [{template = "https://galaxy.ansible.com/search?keywords={searchTerms}";}]; - icon = - getIcon - "https://galaxy.ansible.com/assets/favicon.ico" - "sha256-oAolpZhdKbVTraes6dDlafpvq/Vypu264vgKN4jzJk8="; - definedAliases = ["@ansible" "@galaxy" "@ag"]; - }; - - "Arch Wiki" = { - urls = [{template = "https://wiki.archlinux.org/index.php?search={searchTerms}";}]; - icon = - getIcon - "https://wiki.archlinux.org/favicon.ico" - "sha256-0uxMtT8myzTT7p9k6v5UxsguPKu+vHPlglNTMbnN1T0="; - definedAliases = ["@archwiki" "@aw"]; - }; - - "crates.io" = { - urls = [{template = "https://crates.io/search?q={searchTerms}";}]; - icon = - getIcon - "https://crates.io/favicon.ico" - "sha256-upooA/+m5KMUD1t4WFY3EOmytdpUFgNqUj12Auta1mM="; - definedAliases = ["@crates"]; - }; - - "Discogs" = { - urls = [{template = "https://www.discogs.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://st.discogs.com/d56dcb7367720ea20f1b11a4385705517c7e7702/images/favicon.ico" - "sha256-zEDrbmcUf8XHUyYzNc6JsWzBioX8sm8tjScGHim5VTk="; - definedAliases = 
["@discogs"]; - }; - - "Docker Hub" = { - urls = [{template = "https://hub.docker.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://www.docker.com/wp-content/uploads/2023/04/cropped-Docker-favicon-32x32.png" - "sha256-4NmHGMaq31qoIvdlmy7fI3qTbkcp1/tJhqQu/9Ci4/c="; - definedAliases = ["@dockerhub" "@docker"]; - }; - - "Ecosia" = { - urls = [{template = "https://www.ecosia.org/search?q={searchTerms}";}]; - icon = - getIcon - "https://cdn-static.ecosia.org/static/icons/favicon.ico" - "sha256-uvPShG1yVh4C4zaJmGuhhr96V/NredB1Wte9O3U6QxA="; - definedAliases = ["@ecosia"]; - }; - - "Genius" = { - urls = [{template = "https://genius.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://assets.genius.com/images/apple-touch-icon.png" - "sha256-M9YQEVg3T7hMO/xPfihR1aXfG+/pNiVOBCOtzx3GrkE="; - definedAliases = ["@genius"]; - }; - - "GitHub" = { - urls = [{template = "https://github.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://github.githubassets.com/favicons/favicon-dark.svg" - "sha256-qu/d9ftvsntplFuxw9RFL8BpI9b2g5b6xfeGw6Ekh6w="; - definedAliases = ["@github" "@gh"]; - }; - - "godocs.io" = { - urls = [{template = "https://godocs.io/?q={searchTerms}";}]; - icon = - getIcon - "https://go.dev/images/favicon-gopher.svg" - "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; - definedAliases = ["@godocs"]; - }; - - "pkgs.go.dev" = { - urls = [{template = "https://pkg.go.dev/search?q={searchTerms}";}]; - icon = - getIcon - "https://go.dev/images/favicon-gopher.svg" - "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; - definedAliases = ["@gopkgs"]; - }; - - "Hackage" = { - urls = [{template = "https://hackage.haskell.org/packages/search?terms={searchTerms}";}]; - icon = - getIcon - "https://hackage.haskell.org/static/favicon.png" - "sha256-+6WAv93yaA3L2eheGKxklY/uRAvbKD1q/WcmufmhKxY="; - definedAliases = ["@hackage"]; - }; - - "Hoogle" = { - urls = [{template = "https://hoogle.haskell.org/?hoogle={searchTerms}";}]; - icon = - getIcon - 
"https://hoogle.haskell.org/favicon.png" - "sha256-6qmjRYDDRUwm6EdLoZB6o9XtoujsfDEQJ9xOu3Knei8="; - definedAliases = ["@hoogle"]; - }; - - "Jisho" = { - urls = [{template = "https://jisho.org/search/{searchTerms}";}]; - icon = - getIcon - "https://assets.jisho.org/assets/favicon-062c4a0240e1e6d72c38aa524742c2d558ee6234497d91dd6b75a182ea823d65.ico" - "sha256-BixKAkDh5tcsOKpSR0LC1VjuYjRJfZHda3WhguqCPWU="; - definedAliases = ["@jisho"]; - }; - - "コトバンク" = { - urls = [{template = "https://kotobank.jp/gs/?q={searchTerms}";}]; - icon = - getIcon - "https://kotobank.jp/favicon.ico" - "sha256-t+EzqURlQwznuBqa0GcBbqumvZqtU7HrEAjGUlqp1tg="; - definedAliases = ["@kotobank"]; - }; - - "Kubernetes" = { - urls = [{template = "https://kubernetes.io/search/?q={searchTerms}";}]; - icon = - getIcon - "https://kubernetes.io/images/favicon.png" - "sha256-YI5QvGQXoaTG3uUGQ/R99Xl2r+VqBAA1qqthzPbf8nQ="; - definedAliases = ["@kubernetes" "@k8s"]; - }; - - "Last.fm" = { - urls = [{template = "https://www.last.fm/search?q={searchTerms}";}]; - icon = - getIcon - "https://www.last.fm/static/images/favicon.702b239b6194.ico" - "sha256-ID+DfF+dZ5CzKiBp/psQPRD6r/06PZ0rVYiELWUt5Mw="; - definedAliases = ["@lastfm"]; - }; - - "MDN" = { - urls = [{template = "https://developer.mozilla.org/en-US/search?q={searchTerms}";}]; - icon = - getIcon - "https://developer.mozilla.org/favicon-48x48.cbbd161b.png" - "sha256-Wnd0BqQIKgroGmV+R8vqV9uNBwDvcxBrQ8hXOLOFeKY="; - definedAliases = ["@mdn"]; - }; - - "MELPA" = { - urls = [{template = "https://melpa.org/#/?q={searchTerms}";}]; - icon = - getIcon - "https://melpa.org/favicon.ico" - "sha256-bmlydqXBM8MUMC6cOTGSHPx6zN8tZFqmQ+srbXkSCA4="; - definedAliases = ["@melpa"]; - }; - - "MusicBrainz" = { - urls = [{template = "https://musicbrainz.org/search?type=artist&query={searchTerms}";}]; - icon = - getIcon - "https://musicbrainz.org/static/images/favicons/favicon-16x16.png" - "sha256-M5mKQurmO9AP0gfC+5OLwi8k4XWQy759eQrrKAeytl0="; - definedAliases = ["@musicbrainz" 
"@mb"]; - }; - - "NixOS Packages" = { - urls = [{template = "https://search.nixos.org/packages?channel=unstable&query={searchTerms}";}]; - icon = - getIcon - "https://nixos.org/favicon.png" - "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; - definedAliases = ["@nixpkgs" "@np"]; - }; - - "NixOS Options" = { - urls = [{template = "https://search.nixos.org/options?channel=unstable&query={searchTerms}";}]; - icon = - getIcon - "https://nixos.org/favicon.png" - "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; - definedAliases = ["@nixopts" "@no"]; - }; - - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = - getIcon - "https://nixos.wiki/favicon.png" - "sha256-DE8IgVninF6Aq3iNMgerhvF1dpoXqDUSibtWSpf/dN4="; - definedAliases = ["@nixoswiki" "@nw"]; - }; - - "OpenStreetMap" = { - urls = [{template = "https://www.openstreetmap.org/search?query={searchTerms}";}]; - icon = - getIcon - "https://www.openstreetmap.org/assets/favicon-32x32-99b88fcadeef736889823c8a886b89d8cada9d4423a49a27de29bacc0a6bebd1.png" - "sha256-dt4QVbQPdb4neS/fwH3yOWOSbEdkjMZtAYnIeCfr7qI="; - definedAliases = ["@openstreetmap" "@osm" "@maps"]; - }; - - "ProtonDB" = { - urls = [{template = "https://www.protondb.com/search?q={searchTerms}";}]; - icon = - getIcon - "https://www.protondb.com/sites/protondb/images/favicon.ico" - "sha256-oauOp0EASNjMcThfzYJ2TfbaOYHBPL8LOp+9lmp4pmc="; - definedAliases = ["@protondb"]; - }; - - "PyPI" = { - urls = [{template = "https://pypi.org/search/?q={searchTerms}";}]; - icon = - getIcon - "https://pypi.org/static/images/logo-small.2a411bc6.svg" - "sha256-+fcSfcNxAMLIFkp+gh52c48lQORoyhcegUIFtuq/zYs="; - definedAliases = ["@pypi"]; - }; + search = { + force = true; - "Python Docs" = { - urls = [{template = "https://docs.python.org/3/search.html?q={searchTerms}";}]; - icon = - getIcon - "https://docs.python.org/3/_static/py.svg" - "sha256-WGW+i8wK+IhZSQPqARL2yNkjxXJsQIHoyFYRDMcznO8="; - definedAliases = 
["@pydocs"]; - }; + default = "DuckDuckGo"; + order = [ + "DuckDuckGo" + "Yahoo" + "Google" + ]; - "Rate Your Music" = { - urls = [{template = "https://rateyourmusic.com/search?searchterm={searchTerms}";}]; - icon = - getIcon - "https://e.snmc.io/3.0/img/logo/sonemic-32.png" - "sha256-JpTt1tjBkUvDMTGrG7Hg2EiE8PR3RL7McodeZk1EpZA="; - definedAliases = ["@rym"]; - }; + engines = + let + getIcon = url: sha256: pkgs.fetchurl { inherit url sha256; }; + in + { + "Amazon.com".metaData.hidden = true; + "Bing".metaData.hidden = true; + "Ebay".metaData.hidden = true; + + "2GIS" = { + urls = [ { template = "https://2gis.ru/kazan/search/{searchTerms}"; } ]; + icon = getIcon "https://d-assets.2gis.ru/favicon.png" "sha256-BlSaYRcUx9zhfJnVK5V7rsyft4qaueIEOONiCg+6aLE="; + definedAliases = [ "@2gis" ]; + }; + + "AliExpress" = { + urls = [ { template = "https://aliexpress.ru/wholesale?SearchText={searchTerms}"; } ]; + icon = getIcon "https://ae01.alicdn.com/images/eng/wholesale/icon/aliexpress.ico" "sha256-7xgem2pY2PNuv8as1YnS+U03GvDLLGjhcDLt69rtmaA="; + definedAliases = [ + "@aliexpress" + "@ali" + ]; + }; + + "Ansible Galaxy" = { + urls = [ { template = "https://galaxy.ansible.com/search?keywords={searchTerms}"; } ]; + icon = getIcon "https://galaxy.ansible.com/assets/favicon.ico" "sha256-oAolpZhdKbVTraes6dDlafpvq/Vypu264vgKN4jzJk8="; + definedAliases = [ + "@ansible" + "@galaxy" + "@ag" + ]; + }; + + "Arch Wiki" = { + urls = [ { template = "https://wiki.archlinux.org/index.php?search={searchTerms}"; } ]; + icon = getIcon "https://wiki.archlinux.org/favicon.ico" "sha256-0uxMtT8myzTT7p9k6v5UxsguPKu+vHPlglNTMbnN1T0="; + definedAliases = [ + "@archwiki" + "@aw" + ]; + }; + + "crates.io" = { + urls = [ { template = "https://crates.io/search?q={searchTerms}"; } ]; + icon = getIcon "https://crates.io/favicon.ico" "sha256-upooA/+m5KMUD1t4WFY3EOmytdpUFgNqUj12Auta1mM="; + definedAliases = [ "@crates" ]; + }; + + "Discogs" = { + urls = [ { template = 
"https://www.discogs.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://st.discogs.com/d56dcb7367720ea20f1b11a4385705517c7e7702/images/favicon.ico" "sha256-zEDrbmcUf8XHUyYzNc6JsWzBioX8sm8tjScGHim5VTk="; + definedAliases = [ "@discogs" ]; + }; + + "Docker Hub" = { + urls = [ { template = "https://hub.docker.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://www.docker.com/wp-content/uploads/2023/04/cropped-Docker-favicon-32x32.png" "sha256-4NmHGMaq31qoIvdlmy7fI3qTbkcp1/tJhqQu/9Ci4/c="; + definedAliases = [ + "@dockerhub" + "@docker" + ]; + }; + + "Ecosia" = { + urls = [ { template = "https://www.ecosia.org/search?q={searchTerms}"; } ]; + icon = getIcon "https://cdn-static.ecosia.org/static/icons/favicon.ico" "sha256-uvPShG1yVh4C4zaJmGuhhr96V/NredB1Wte9O3U6QxA="; + definedAliases = [ "@ecosia" ]; + }; + + "Genius" = { + urls = [ { template = "https://genius.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://assets.genius.com/images/apple-touch-icon.png" "sha256-M9YQEVg3T7hMO/xPfihR1aXfG+/pNiVOBCOtzx3GrkE="; + definedAliases = [ "@genius" ]; + }; + + "GitHub" = { + urls = [ { template = "https://github.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://github.githubassets.com/favicons/favicon-dark.svg" "sha256-qu/d9ftvsntplFuxw9RFL8BpI9b2g5b6xfeGw6Ekh6w="; + definedAliases = [ + "@github" + "@gh" + ]; + }; + + "godocs.io" = { + urls = [ { template = "https://godocs.io/?q={searchTerms}"; } ]; + icon = getIcon "https://go.dev/images/favicon-gopher.svg" "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; + definedAliases = [ "@godocs" ]; + }; + + "pkgs.go.dev" = { + urls = [ { template = "https://pkg.go.dev/search?q={searchTerms}"; } ]; + icon = getIcon "https://go.dev/images/favicon-gopher.svg" "sha256-OlKpUUeYF8TtMoX4e0ERK1ocIb53OJ8ZDxvwJaQVM/0="; + definedAliases = [ "@gopkgs" ]; + }; + + "Hackage" = { + urls = [ { template = "https://hackage.haskell.org/packages/search?terms={searchTerms}"; } ]; + icon = getIcon 
"https://hackage.haskell.org/static/favicon.png" "sha256-+6WAv93yaA3L2eheGKxklY/uRAvbKD1q/WcmufmhKxY="; + definedAliases = [ "@hackage" ]; + }; + + "Hoogle" = { + urls = [ { template = "https://hoogle.haskell.org/?hoogle={searchTerms}"; } ]; + icon = getIcon "https://hoogle.haskell.org/favicon.png" "sha256-6qmjRYDDRUwm6EdLoZB6o9XtoujsfDEQJ9xOu3Knei8="; + definedAliases = [ "@hoogle" ]; + }; + + "Jisho" = { + urls = [ { template = "https://jisho.org/search/{searchTerms}"; } ]; + icon = getIcon "https://assets.jisho.org/assets/favicon-062c4a0240e1e6d72c38aa524742c2d558ee6234497d91dd6b75a182ea823d65.ico" "sha256-BixKAkDh5tcsOKpSR0LC1VjuYjRJfZHda3WhguqCPWU="; + definedAliases = [ "@jisho" ]; + }; + + "コトバンク" = { + urls = [ { template = "https://kotobank.jp/gs/?q={searchTerms}"; } ]; + icon = getIcon "https://kotobank.jp/favicon.ico" "sha256-t+EzqURlQwznuBqa0GcBbqumvZqtU7HrEAjGUlqp1tg="; + definedAliases = [ "@kotobank" ]; + }; + + "Kubernetes" = { + urls = [ { template = "https://kubernetes.io/search/?q={searchTerms}"; } ]; + icon = getIcon "https://kubernetes.io/images/favicon.png" "sha256-YI5QvGQXoaTG3uUGQ/R99Xl2r+VqBAA1qqthzPbf8nQ="; + definedAliases = [ + "@kubernetes" + "@k8s" + ]; + }; + + "Last.fm" = { + urls = [ { template = "https://www.last.fm/search?q={searchTerms}"; } ]; + icon = getIcon "https://www.last.fm/static/images/favicon.702b239b6194.ico" "sha256-ID+DfF+dZ5CzKiBp/psQPRD6r/06PZ0rVYiELWUt5Mw="; + definedAliases = [ "@lastfm" ]; + }; + + "MDN" = { + urls = [ { template = "https://developer.mozilla.org/en-US/search?q={searchTerms}"; } ]; + icon = getIcon "https://developer.mozilla.org/favicon-48x48.cbbd161b.png" "sha256-Wnd0BqQIKgroGmV+R8vqV9uNBwDvcxBrQ8hXOLOFeKY="; + definedAliases = [ "@mdn" ]; + }; + + "MELPA" = { + urls = [ { template = "https://melpa.org/#/?q={searchTerms}"; } ]; + icon = getIcon "https://melpa.org/favicon.ico" "sha256-bmlydqXBM8MUMC6cOTGSHPx6zN8tZFqmQ+srbXkSCA4="; + definedAliases = [ "@melpa" ]; + }; + + "MusicBrainz" = { + urls 
= [ { template = "https://musicbrainz.org/search?type=artist&query={searchTerms}"; } ]; + icon = getIcon "https://musicbrainz.org/static/images/favicons/favicon-16x16.png" "sha256-M5mKQurmO9AP0gfC+5OLwi8k4XWQy759eQrrKAeytl0="; + definedAliases = [ + "@musicbrainz" + "@mb" + ]; + }; + + "NixOS Packages" = { + urls = [ { template = "https://search.nixos.org/packages?channel=unstable&query={searchTerms}"; } ]; + icon = getIcon "https://nixos.org/favicon.png" "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; + definedAliases = [ + "@nixpkgs" + "@np" + ]; + }; + + "NixOS Options" = { + urls = [ { template = "https://search.nixos.org/options?channel=unstable&query={searchTerms}"; } ]; + icon = getIcon "https://nixos.org/favicon.png" "sha256-awcsDbbpRcDJnJpRavj/IcKMReEektRcqKbE35IJTKQ="; + definedAliases = [ + "@nixopts" + "@no" + ]; + }; + + "NixOS Wiki" = { + urls = [ { template = "https://nixos.wiki/index.php?search={searchTerms}"; } ]; + icon = getIcon "https://nixos.wiki/favicon.png" "sha256-DE8IgVninF6Aq3iNMgerhvF1dpoXqDUSibtWSpf/dN4="; + definedAliases = [ + "@nixoswiki" + "@nw" + ]; + }; + + "OpenStreetMap" = { + urls = [ { template = "https://www.openstreetmap.org/search?query={searchTerms}"; } ]; + icon = getIcon "https://www.openstreetmap.org/assets/favicon-32x32-99b88fcadeef736889823c8a886b89d8cada9d4423a49a27de29bacc0a6bebd1.png" "sha256-dt4QVbQPdb4neS/fwH3yOWOSbEdkjMZtAYnIeCfr7qI="; + definedAliases = [ + "@openstreetmap" + "@osm" + "@maps" + ]; + }; + + "ProtonDB" = { + urls = [ { template = "https://www.protondb.com/search?q={searchTerms}"; } ]; + icon = getIcon "https://www.protondb.com/sites/protondb/images/favicon.ico" "sha256-oauOp0EASNjMcThfzYJ2TfbaOYHBPL8LOp+9lmp4pmc="; + definedAliases = [ "@protondb" ]; + }; + + "PyPI" = { + urls = [ { template = "https://pypi.org/search/?q={searchTerms}"; } ]; + icon = getIcon "https://pypi.org/static/images/logo-small.2a411bc6.svg" "sha256-+fcSfcNxAMLIFkp+gh52c48lQORoyhcegUIFtuq/zYs="; + definedAliases = [ 
"@pypi" ]; + }; + + "Python Docs" = { + urls = [ { template = "https://docs.python.org/3/search.html?q={searchTerms}"; } ]; + icon = getIcon "https://docs.python.org/3/_static/py.svg" "sha256-WGW+i8wK+IhZSQPqARL2yNkjxXJsQIHoyFYRDMcznO8="; + definedAliases = [ "@pydocs" ]; + }; + + "Rate Your Music" = { + urls = [ { template = "https://rateyourmusic.com/search?searchterm={searchTerms}"; } ]; + icon = getIcon "https://e.snmc.io/3.0/img/logo/sonemic-32.png" "sha256-JpTt1tjBkUvDMTGrG7Hg2EiE8PR3RL7McodeZk1EpZA="; + definedAliases = [ "@rym" ]; + }; + + "Rust Std" = { + urls = [ { template = "https://doc.rust-lang.org/std/?search={searchTerms}"; } ]; + icon = getIcon "https://www.rust-lang.org/static/images/favicon-32x32.png" "sha256-l2y4jpnODbua4dyLvXTMBlHVkoDPM9y00l6L61so7eA="; + definedAliases = [ + "@ruststd" + "@rust" + ]; + }; + + "SourceHut" = { + urls = [ { template = "https://sr.ht/projects?search={searchTerms}"; } ]; + icon = getIcon "https://sr.ht/static/logo.png" "sha256-NBzKZhqE9//zVJlOwYiwyW/jRFh8+nS2YvC3zMCQ1fU="; + definedAliases = [ + "@sourcehut" + "@srht" + ]; + }; + + "SteamDB" = { + urls = [ { template = "https://steamdb.info/search/?a=app&q={searchTerms}"; } ]; + icon = getIcon "https://steamdb.info/static/logos/32px.png" "sha256-IUBiB5JUSvyDa+m/wecmHB8s3Wfu0JK98bJ+ZRZ5ybQ="; + definedAliases = [ "@steamdb" ]; + }; + + "WolframAlpha" = { + urls = [ { template = "https://www.wolframalpha.com/input?i={searchTerms}"; } ]; + icon = getIcon "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico" "sha256-S9k7AlBQiDElBCGopJ8xfBD6dIhGU+EBh8t1QYbP2S4="; + definedAliases = [ + "@wolframalpha" + "@wa" + ]; + }; + + "Yahoo" = { + urls = [ { template = "https://yahoo.com/search/?text={searchTerms}"; } ]; + icon = getIcon "https://yahoostatic.net/s3/web4static/_/v2/oxjfXL1EO-B5Arm80ZrL00p0al4.png" "sha256-gvYh4oCZEO7BL2QZ6QvQFlmFiP2L4SLJrxAsKFcG6G4="; + definedAliases = [ + "@yahoo" + "@ya" + ]; + }; + + "YouTube" = { + urls = [ { template = 
"https://yewtu.be/search?q={}"; } ]; + icon = getIcon "https://www.youtube.com/s/desktop/280a3f09/img/favicon.ico" "sha256-i7HQ+kOhdDbVndVG9vdMdtxEc13vdSLCLYAxFm24kR0="; + definedAliases = [ + "@youtube" + "@yt" + ]; + }; + }; + }; - "Rust Std" = { - urls = [{template = "https://doc.rust-lang.org/std/?search={searchTerms}";}]; - icon = - getIcon - "https://www.rust-lang.org/static/images/favicon-32x32.png" - "sha256-l2y4jpnODbua4dyLvXTMBlHVkoDPM9y00l6L61so7eA="; - definedAliases = ["@ruststd" "@rust"]; - }; + # NOTE This silently overrides all other bookmarks. + bookmarks = [ + { + name = "Bookmarks Toolbar"; + toolbar = true; + bookmarks = with config.nixfiles.modules; [ + (mkIf syncthing.enable { + name = "Syncthing"; + url = "http://${config.services.syncthing.guiAddress}"; + }) + (mkIf ipfs.enable { + name = "IPFS"; + url = "http://127.0.0.1:${toString ipfs.apiPort}/webui"; + }) + ]; + } + ]; - "SourceHut" = { - urls = [{template = "https://sr.ht/projects?search={searchTerms}";}]; - icon = - getIcon - "https://sr.ht/static/logo.png" - "sha256-NBzKZhqE9//zVJlOwYiwyW/jRFh8+nS2YvC3zMCQ1fU="; - definedAliases = ["@sourcehut" "@srht"]; + # https://github.com/arkenfox/user.js/blob/master/user.js + arkenfox = { + enable = true; + "0000".enable = true; + "0100" = { + enable = true; + "0103"."browser.startup.homepage".value = "about:blank"; }; - - "SteamDB" = { - urls = [{template = "https://steamdb.info/search/?a=app&q={searchTerms}";}]; - icon = - getIcon - "https://steamdb.info/static/logos/32px.png" - "sha256-IUBiB5JUSvyDa+m/wecmHB8s3Wfu0JK98bJ+ZRZ5ybQ="; - definedAliases = ["@steamdb"]; + "0200".enable = true; + "0300".enable = true; + "0400" = { + enable = true; + "0401"."browser.safebrowsing.phishing.enabled".enable = true; + "0402"."browser.safebrowsing.downloads.enabled".enable = true; + "0404" = { + "browser.safebrowsing.downloads.remote.block_potentially_unwanted".enable = true; + "browser.safebrowsing.downloads.remote.block_uncommon".enable = true; + }; + 
"0405"."browser.safebrowsing.allowOverride".enable = true; }; - - "WolframAlpha" = { - urls = [{template = "https://www.wolframalpha.com/input?i={searchTerms}";}]; - icon = - getIcon - "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico" - "sha256-S9k7AlBQiDElBCGopJ8xfBD6dIhGU+EBh8t1QYbP2S4="; - definedAliases = ["@wolframalpha" "@wa"]; + "0600".enable = true; + "0700" = { + enable = true; + "0710"."network.trr.mode" = { + enable = true; + value = 5; + }; }; - - "Yahoo" = { - urls = [{template = "https://yahoo.com/search/?text={searchTerms}";}]; - icon = - getIcon - "https://yahoostatic.net/s3/web4static/_/v2/oxjfXL1EO-B5Arm80ZrL00p0al4.png" - "sha256-gvYh4oCZEO7BL2QZ6QvQFlmFiP2L4SLJrxAsKFcG6G4="; - definedAliases = ["@yahoo" "@ya"]; + "0800" = { + enable = true; + "0830" = { + "browser.search.separatePrivateDefault" = { + enable = true; + value = false; + }; + "browser.search.separatePrivateDefault.ui.enabled" = { + enable = true; + value = false; + }; + }; }; - - "YouTube" = { - urls = [{template = "https://yewtu.be/search?q={}";}]; - icon = - getIcon - "https://www.youtube.com/s/desktop/280a3f09/img/favicon.ico" - "sha256-i7HQ+kOhdDbVndVG9vdMdtxEc13vdSLCLYAxFm24kR0="; - definedAliases = ["@youtube" "@yt"]; + "0900".enable = true; + "1000" = { + enable = true; + "1001".enable = false; + }; + "1200".enable = true; + "1600".enable = true; + "1700".enable = true; + "2000".enable = true; + "2400".enable = true; + "2600" = { + enable = true; + "2615"."permissions.default.shortcuts".enable = true; }; - }; - }; - - # NOTE This silently overrides all other bookmarks. 
- bookmarks = [ - { - name = "Bookmarks Toolbar"; - toolbar = true; - bookmarks = with config.nixfiles.modules; [ - (mkIf syncthing.enable { - name = "Syncthing"; - url = "http://${config.services.syncthing.guiAddress}"; - }) - (mkIf ipfs.enable { - name = "IPFS"; - url = "http://127.0.0.1:${toString ipfs.apiPort}/webui"; - }) - ]; - } - ]; - - # https://github.com/arkenfox/user.js/blob/master/user.js - arkenfox = { - enable = true; - "0000".enable = true; - "0100" = { - enable = true; - "0103"."browser.startup.homepage".value = "about:blank"; - }; - "0200".enable = true; - "0300".enable = true; - "0400" = { - enable = true; - "0401"."browser.safebrowsing.phishing.enabled".enable = true; - "0402"."browser.safebrowsing.downloads.enabled".enable = true; - "0404" = { - "browser.safebrowsing.downloads.remote.block_potentially_unwanted".enable = true; - "browser.safebrowsing.downloads.remote.block_uncommon".enable = true; + "2700".enable = true; + "2800" = { + enable = true; + "2811"."privacy.clearOnShutdown.history".value = false; }; - "0405"."browser.safebrowsing.allowOverride".enable = true; - }; - "0600".enable = true; - "0700" = { - enable = true; - "0710"."network.trr.mode" = { + "4500" = { enable = true; - value = 5; + "4502".enable = false; + "4504".enable = false; }; - }; - "0800" = { - enable = true; - "0830" = { - "browser.search.separatePrivateDefault" = { - enable = true; - value = false; - }; - "browser.search.separatePrivateDefault.ui.enabled" = { - enable = true; - value = false; + "5000" = { + enable = true; + "5003"."signon.rememberSignons".enable = true; + "5017" = { + "extensions.formautofill.addresses.enabled".enable = true; + "extensions.formautofill.creditCards.enabled".enable = true; }; + "5019"."browser.pagethumbnails.capturing_disabled".enable = true; }; - }; - "0900".enable = true; - "1000" = { - enable = true; - "1001".enable = false; - }; - "1200".enable = true; - "1600".enable = true; - "1700".enable = true; - "2000".enable = true; - 
"2400".enable = true; - "2600" = { - enable = true; - "2615"."permissions.default.shortcuts".enable = true; - }; - "2700".enable = true; - "2800" = { - enable = true; - "2811"."privacy.clearOnShutdown.history".value = false; - }; - "4500" = { - enable = true; - "4502".enable = false; - "4504".enable = false; - }; - "5000" = { - enable = true; - "5003"."signon.rememberSignons".enable = true; - "5017" = { - "extensions.formautofill.addresses.enabled".enable = true; - "extensions.formautofill.creditCards.enabled".enable = true; + "5500" = { + enable = true; + "5508"."media.eme.enabled".enable = true; + "5508"."browser.eme.ui.enabled".enable = true; }; - "5019"."browser.pagethumbnails.capturing_disabled".enable = true; + "6000".enable = true; + "7000".enable = true; + "8000".enable = true; + "9000".enable = true; }; - "5500" = { - enable = true; - "5508"."media.eme.enabled".enable = true; - "5508"."browser.eme.ui.enabled".enable = true; - }; - "6000".enable = true; - "7000".enable = true; - "8000".enable = true; - "9000".enable = true; - }; - settings = { - "app.update.auto" = false; - "browser.backspace_action" = 0; - "browser.disableResetPrompt" = true; - "browser.download.autohideButton" = false; - "browser.newtabpage.introShown" = true; - "browser.newtabpage.pinned" = ""; - "browser.onboarding.enabled" = false; - "browser.open.lastDir" = config.my.home; - "browser.protections_panel.infoMessage.seen" = true; - "browser.region.update.region" = "US"; - "browser.search.region" = "US"; - "browser.search.update" = false; - "browser.shell.checkDefaultBrowser" = false; - "browser.tabs.closeWindowWithLastTab" = true; - "browser.tabs.firefox-view" = false; - "browser.tabs.firefox-view-next" = false; - "browser.tabs.inTitlebar" = 0; - "browser.tabs.tabmanager.enabled" = false; - "browser.tabs.warnOnClose" = false; - "browser.tabs.warnOnCloseOtherTabs" = false; - "browser.tabs.warnOnOpen" = false; - "browser.toolbars.bookmarks.visibility" = "newtab"; - 
"browser.translations.enable" = false; - "browser.urlbar.decodeURLsOnCopy" = true; - "browser.urlbar.suggest.engines" = false; - "browser.warnOnQuitShortcut" = false; - "devtools.everOpened" = true; - "doh-rollout.home-region" = "US"; - "extensions.pocket.enabled" = false; - "extensions.update.autoUpdateDefault" = false; - "extensions.update.enabled" = false; - "full-screen-api.warning.delay" = 0; - "full-screen-api.warning.timeout" = 0; - "general.autoScroll" = true; - "general.smoothScroll" = true; - "identity.fxaccounts.enabled" = false; - "media.autoplay.blocking_policy" = 2; - "media.autoplay.default" = 5; - "media.hardwaremediakeys.enabled" = false; - "reader.parse-on-load.enabled" = false; - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + settings = { + "app.update.auto" = false; + "browser.backspace_action" = 0; + "browser.disableResetPrompt" = true; + "browser.download.autohideButton" = false; + "browser.newtabpage.introShown" = true; + "browser.newtabpage.pinned" = ""; + "browser.onboarding.enabled" = false; + "browser.open.lastDir" = config.my.home; + "browser.protections_panel.infoMessage.seen" = true; + "browser.region.update.region" = "US"; + "browser.search.region" = "US"; + "browser.search.update" = false; + "browser.shell.checkDefaultBrowser" = false; + "browser.tabs.closeWindowWithLastTab" = true; + "browser.tabs.firefox-view" = false; + "browser.tabs.firefox-view-next" = false; + "browser.tabs.inTitlebar" = 0; + "browser.tabs.tabmanager.enabled" = false; + "browser.tabs.warnOnClose" = false; + "browser.tabs.warnOnCloseOtherTabs" = false; + "browser.tabs.warnOnOpen" = false; + "browser.toolbars.bookmarks.visibility" = "newtab"; + "browser.translations.enable" = false; + "browser.urlbar.decodeURLsOnCopy" = true; + "browser.urlbar.suggest.engines" = false; + "browser.warnOnQuitShortcut" = false; + "devtools.everOpened" = true; + "doh-rollout.home-region" = "US"; + "extensions.pocket.enabled" = false; + 
"extensions.update.autoUpdateDefault" = false; + "extensions.update.enabled" = false; + "full-screen-api.warning.delay" = 0; + "full-screen-api.warning.timeout" = 0; + "general.autoScroll" = true; + "general.smoothScroll" = true; + "identity.fxaccounts.enabled" = false; + "media.autoplay.blocking_policy" = 2; + "media.autoplay.default" = 5; + "media.hardwaremediakeys.enabled" = false; + "reader.parse-on-load.enabled" = false; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + }; }; - }; }; }; }; diff --git a/modules/nixos/foot.nix b/modules/nixos/foot.nix new file mode 100644 index 0000000..502e143 --- /dev/null +++ b/modules/nixos/foot.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.foot; +in +{ + options.nixfiles.modules.foot.enable = mkEnableOption "Foot terminal emulator"; + + config = mkIf cfg.enable { + hm = { + home.packages = with pkgs; [ libsixel ]; + + programs.foot = { + enable = true; + settings = { + main = { + utmp-helper = "${pkgs.libutempter}/lib/utempter/utempter"; + pad = + let + n = toString config.stylix.fonts.sizes.terminal; + in + "${n}x${n}"; + }; + scrollback.lines = pow 2 14; + }; + }; + }; + }; +} diff --git a/modules/nixos/games/default.nix b/modules/nixos/games/default.nix index 78aae62..585164e 100644 --- a/modules/nixos/games/default.nix +++ b/modules/nixos/games/default.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.games; -in { +in +{ imports = [ ./gamemode.nix ./lutris.nix @@ -15,8 +13,7 @@ in { ./steam.nix ]; - options.nixfiles.modules.games.enable32BitSupport = - mkEnableOption "support for games"; + options.nixfiles.modules.games.enable32BitSupport = mkEnableOption "support for games"; config = mkIf cfg.enable32BitSupport { services = { diff --git a/modules/nixos/games/gamemode.nix b/modules/nixos/games/gamemode.nix index 193a764..eb485f8 100644 
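Review bot: `utmp-helper` in `settings.main` of the new `foot.nix` points straight at `${pkgs.libutempter}/lib/utempter/utempter`, and a file in the Nix store cannot carry a setgid bit. The helper would therefore presumably run without the `utmp` group and fail to record the session, leaving terminal logins missing from `who`/`last`. On NixOS a privileged helper like this is normally exposed through `security.wrappers` with `setgid = true` and `group = "utmp"`, with foot pointed at the wrapper path instead. Worth confirming on a running system; the sketch below shows the shape of the change.

```nix
  config = mkIf cfg.enable {
    # Store paths cannot be setgid; expose utempter through a wrapper instead.
    security.wrappers.utempter = {
      source = "${pkgs.libutempter}/lib/utempter/utempter";
      owner = "root";
      group = "utmp";
      setuid = false;
      setgid = true;
    };

    hm = {
      # … unchanged: home.packages, programs.foot.enable …
      programs.foot.settings.main.utmp-helper = "${config.security.wrapperDir}/utempter";
      # … unchanged: pad, scrollback.lines …
```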
--- a/modules/nixos/games/gamemode.nix +++ b/modules/nixos/games/gamemode.nix @@ -1,18 +1,13 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.games.gamemode; -in { - options.nixfiles.modules.games.gamemode.enable = - mkEnableOption "Feral GameMode"; +in +{ + options.nixfiles.modules.games.gamemode.enable = mkEnableOption "Feral GameMode"; config = mkIf cfg.enable { - hm.xdg.configFile."gamemode.ini".text = generators.toINI {} { - general.softrealtime = "auto"; - }; + hm.xdg.configFile."gamemode.ini".text = generators.toINI { } { general.softrealtime = "auto"; }; programs.gamemode.enable = true; }; diff --git a/modules/nixos/games/lutris.nix b/modules/nixos/games/lutris.nix index f130be3..62fe521 100644 --- a/modules/nixos/games/lutris.nix +++ b/modules/nixos/games/lutris.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.lutris; -in { +in +{ options.nixfiles.modules.games.lutris.enable = mkEnableOption "Lutris"; config = mkIf cfg.enable { diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix index 509e035..955f50c 100644 --- a/modules/nixos/games/mangohud.nix +++ b/modules/nixos/games/mangohud.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.games.mangohud; -in { +in +{ options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; config = mkIf cfg.enable { diff --git a/modules/nixos/games/minecraft.nix b/modules/nixos/games/minecraft.nix index 8a1a0b5..6e163dc 100644 --- a/modules/nixos/games/minecraft.nix +++ b/modules/nixos/games/minecraft.nix 
@@ -5,10 +5,12 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.minecraft; -in { - imports = [inputs.minecraft.nixosModules.minecraft-servers]; +in +{ + imports = [ inputs.minecraft.nixosModules.minecraft-servers ]; options.nixfiles.modules.games.minecraft = { client.enable = mkEnableOption "Minecraft client"; @@ -30,13 +32,11 @@ in { }; config = mkMerge [ - (mkIf cfg.client.enable { - hm.home.packages = [pkgs.prismlauncher]; - }) + (mkIf cfg.client.enable { hm.home.packages = [ pkgs.prismlauncher ]; }) (mkIf cfg.server.enable { - nixfiles.modules.common.nix.allowedUnfreePackages = ["minecraft-server"]; + nixfiles.modules.common.nix.allowedUnfreePackages = [ "minecraft-server" ]; - ark.directories = [config.services.minecraft-servers.dataDir]; + ark.directories = [ config.services.minecraft-servers.dataDir ]; services.minecraft-servers = { enable = true; @@ -78,9 +78,9 @@ in { }; }; - nixpkgs.overlays = [inputs.minecraft.overlay]; + nixpkgs.overlays = [ inputs.minecraft.overlay ]; - my.extraGroups = [config.services.minecraft-servers.group]; + my.extraGroups = [ config.services.minecraft-servers.group ]; }) ]; } diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix index fc51c85..cfee8ae 100644 --- a/modules/nixos/games/steam-run.nix +++ b/modules/nixos/games/steam-run.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.steam-run; -in { +in +{ options.nixfiles.modules.games.steam-run = { enable = mkEnableOption "native Steam runtime"; @@ -19,7 +21,10 @@ in { config = mkIf cfg.enable { nixfiles.modules = { - common.nix.allowedUnfreePackages = ["steam" "steam-run"]; + common.nix.allowedUnfreePackages = [ + "steam" + "steam-run" + ]; games = { enable32BitSupport = true; 
@@ -30,46 +35,55 @@ in { hm.home.packages = with pkgs; [ (steam.override { - extraLibraries = _: + extraLibraries = + _: with cfg.quirks; - optional blackIsleStudios openssl_1_0_0 - ++ optionals cryptOfTheNecrodancer [ - (import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; - sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; - }) {inherit (config.nixpkgs) config localSystem;}) - .flac - ] - ++ optionals mountAndBladeWarband [ - (glew.overrideAttrs (_: super: let + optional blackIsleStudios openssl_1_0_0 + ++ optionals cryptOfTheNecrodancer [ + (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; + sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; + }) { inherit (config.nixpkgs) config localSystem; }).flac + ] + ++ optionals mountAndBladeWarband [ + (glew.overrideAttrs ( + _: super: + let opname = super.pname; - in rec { + in + rec { pname = "${opname}-steam-run-fix"; inherit (super) version; src = fetchurl { url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz"; hash = "sha256-BN6R5+Z2MDm8EZQAlc2cf4gLq6ghlqd2X3J6wFqZPJU="; }; - })) - (fmodex.overrideAttrs (_: super: let + } + )) + (fmodex.overrideAttrs ( + _: super: + let opname = super.pname; - in rec { + in + rec { pname = "${opname}-steam-run-fix"; inherit (super) version; - installPhase = let - libPath = makeLibraryPath [ - alsa-lib - libpulseaudio - stdenv.cc.cc - ]; - in '' - install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so - patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so - ''; - })) - ]; - }) - .run + installPhase = + let + libPath = makeLibraryPath [ + alsa-lib + libpulseaudio + stdenv.cc.cc + ]; + in + '' + install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so + patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so + ''; + } + )) + ]; + }).run ]; }; } 
diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix index 7262d7f..5883b0e 100644 --- a/modules/nixos/games/steam.nix +++ b/modules/nixos/games/steam.nix @@ -4,15 +4,19 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.games.steam; -in { - options.nixfiles.modules.games.steam.enable = - mkEnableOption "Steam runtime"; +in +{ + options.nixfiles.modules.games.steam.enable = mkEnableOption "Steam runtime"; config = mkIf cfg.enable { nixfiles.modules = { - common.nix.allowedUnfreePackages = ["steam" "steam-original"]; + common.nix.allowedUnfreePackages = [ + "steam" + "steam-original" + ]; games = { enable32BitSupport = true; @@ -22,7 +26,7 @@ in { }; hm.home.packages = with pkgs; [ - (steam.override {extraEnv.MANGOHUD = 1;}) + (steam.override { extraEnv.MANGOHUD = 1; }) protontricks ]; }; diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix index cbeb48a..34ca200 100644 --- a/modules/nixos/git/default.nix +++ b/modules/nixos/git/default.nix @@ -6,9 +6,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.git; -in { +in +{ options.nixfiles.modules.git.server = { enable = mkEnableOption "Git server"; 
@@ -26,59 +28,59 @@ in { }; config = mkIf cfg.server.enable { - ark.directories = [ - config.services.gitolite.dataDir - ]; + ark.directories = [ config.services.gitolite.dataDir ]; nixfiles.modules.nginx = { enable = true; virtualHosts.${cfg.server.domain} = { locations = { - "/".extraConfig = let - cgitrc = pkgs.writeText "cgitrc" '' - root-title=github sux (⩺_⩹) - root-desc=https://github.com/azahi + "/".extraConfig = + let + cgitrc = pkgs.writeText "cgitrc" '' + root-title=github sux (⩺_⩹) + root-desc=https://github.com/azahi - clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL + clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL - logo=/cgit-custom-logo.gif - favicon=/cgit-custom-favicon.gif - css=/cgit-custom-style.css + logo=/cgit-custom-logo.gif + favicon=/cgit-custom-favicon.gif + css=/cgit-custom-style.css - about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh - source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py - commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh + about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh + source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py + commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh - enable-git-config=1 - enable-gitweb-owner=1 - remove-suffix=1 + enable-git-config=1 + enable-gitweb-owner=1 + remove-suffix=1 - readme=:README - readme=:README.md - readme=:README.org - readme=:README.txt - readme=:readme - readme=:readme.md - readme=:readme.org - readme=:readme.txt + readme=:README + readme=:README.md + readme=:README.org + readme=:README.txt + readme=:readme + readme=:readme.md + readme=:readme.org + readme=:readme.txt - scan-path=${config.services.gitolite.dataDir}/repositories - ''; - in '' - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param SCRIPT_FILENAME 
${cfg.server.package}/cgit/cgit.cgi; - fastcgi_param CGIT_CONFIG ${cgitrc}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; + scan-path=${config.services.gitolite.dataDir}/repositories + ''; + in + '' + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; - ${libNginx.config.appendHead [ - ''<meta name="go-import" content="$host$uri git https://$host$uri">'' - (libPlausible.htmlPlausibleScript {inherit (cfg.server) domain;}) - ]} - ''; + ${libNginx.config.appendHead [ + ''<meta name="go-import" content="$host$uri git https://$host$uri">'' + (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; }) + ]} + ''; "~* ^.+(cgit.css|robots.txt)$".extraConfig = '' root ${cfg.server.package}/cgit; ''; 
@@ -88,43 +90,47 @@ in { "~* ^.+cgit-custom-favicon.gif$".extraConfig = '' alias ${./favicon.ico}; ''; - "~* ^.+cgit-custom-style.css$".extraConfig = let - css = pkgs.writeText "custom.css" '' - @import url("cgit.css"); + "~* ^.+cgit-custom-style.css$".extraConfig = + let + css = pkgs.writeText "custom.css" '' + @import url("cgit.css"); - div#cgit { - font-family: monospace; - -moz-tab-size: 4; - tab-size: 4; - } + div#cgit { + font-family: monospace; + -moz-tab-size: 4; + tab-size: 4; + } + ''; + in + '' + alias ${css}; ''; - in '' - alias ${css}; - ''; }; }; }; - services = let - user = "git"; - group = "git"; - in { - gitolite = { - enable = true; - inherit user group; - adminPubkey = my.ssh.key; - extraGitoliteRc = '' - # This allows hiding repositories via "cgit.ignore"[1]. - # - # [1]: https://www.omarpolo.com/post/cgit-gitolite.html - $RC{GIT_CONFIG_KEYS} = '.*'; - ''; - }; + services = + let + user = "git"; + group = "git"; + in + { + gitolite = { + enable = true; + inherit user group; + adminPubkey = my.ssh.key; + extraGitoliteRc = '' + # This allows hiding repositories via "cgit.ignore"[1]. + # + # [1]: https://www.omarpolo.com/post/cgit-gitolite.html + $RC{GIT_CONFIG_KEYS} = '.*'; + ''; + }; - fcgiwrap = { - enable = true; - inherit user group; + fcgiwrap = { + enable = true; + inherit user group; + }; }; - }; }; } diff --git a/modules/nixos/gnupg.nix b/modules/nixos/gnupg.nix index 5300554..ad2c939 100644 --- a/modules/nixos/gnupg.nix +++ b/modules/nixos/gnupg.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.gnupg; -in { +in +{ options.nixfiles.modules.gnupg.pinentry = mkOption { description = "Name of a pinentry implementation."; type = types.package; @@ -30,7 +32,7 @@ in { grabKeyboardAndMouse = true; - sshKeys = [my.pgp.grip]; + sshKeys = [ my.pgp.grip ]; pinentryPackage = cfg.pinentry; }; diff --git a/modules/nixos/gotify.nix b/modules/nixos/gotify.nix index 4bdd4fa..ad9b277 100644 
--- a/modules/nixos/gotify.nix +++ b/modules/nixos/gotify.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.gotify; -in { +in +{ options.nixfiles.modules.gotify = { enable = mkEnableOption "Gotify"; @@ -17,14 +19,15 @@ in { }; }; - config = let - db = "gotify"; - in + config = + let + db = "gotify"; + in mkIf cfg.enable { nixfiles.modules = { nginx = { enable = true; - upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; + upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = { }; virtualHosts.${cfg.domain} = { locations."/" = { proxyPass = "http://gotify"; @@ -50,7 +53,7 @@ in { }; postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; @@ -61,7 +64,10 @@ in { }; systemd.services.gotify-server = { - after = ["network-online.target" "postgresql.service"]; + after = [ + "network-online.target" + "postgresql.service" + ]; environment = { GOTIFY_DATABASE_DIALECT = "postgres"; GOTIFY_DATABASE_CONNECTION = concatStringsSep " " [ diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix index 2f32225..233c9e5 100644 --- a/modules/nixos/grafana.nix +++ b/modules/nixos/grafana.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.grafana; -in { +in +{ options.nixfiles.modules.grafana = { enable = mkEnableOption "Grafana"; @@ -24,11 +26,12 @@ in { }; }; - config = let - db = "grafana"; - in + config = + let + db = "grafana"; + in mkIf cfg.enable { - ark.directories = [config.services.grafana.dataDir]; + ark.directories = [ config.services.grafana.dataDir ]; secrets = { grafana-key = { @@ -51,7 +54,7 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain} = { locations."/" = { proxyPass = "http://grafana"; 
@@ -109,7 +112,7 @@ in { }; postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; diff --git a/modules/nixos/hydra.nix b/modules/nixos/hydra.nix index ec3297c..85b89ab 100644 --- a/modules/nixos/hydra.nix +++ b/modules/nixos/hydra.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.hydra; -in { +in +{ options.nixfiles.modules.hydra = { enable = mkEnableOption "Hydra"; @@ -26,32 +24,34 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://hydra"; }; postgresql.enable = true; }; - services = let - db = "hydra"; - in { - hydra = { - enable = true; - listenHost = "127.0.0.1"; - inherit (cfg) port; - dbi = "dbi:Pg:dbname=${db};user=${db}"; - hydraURL = cfg.domain; - }; + services = + let + db = "hydra"; + in + { + hydra = { + enable = true; + listenHost = "127.0.0.1"; + inherit (cfg) port; + dbi = "dbi:Pg:dbname=${db};user=${db}"; + hydraURL = cfg.domain; + }; - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensureDBOwnership = true; - } - ]; + postgresql = { + ensureDatabases = [ db ]; + ensureUsers = [ + { + name = db; + ensureDBOwnership = true; + } + ]; + }; }; - }; }; } diff --git a/modules/nixos/incus.nix b/modules/nixos/incus.nix index 14bbc1d..184aa03 100644 --- a/modules/nixos/incus.nix +++ b/modules/nixos/incus.nix @@ -1,15 +1,13 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.incus; -in { +in +{ options.nixfiles.modules.incus.enable = mkEnableOption "Incus"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/incus"]; + ark.directories = [ "/var/lib/incus" ]; virtualisation.incus = { enable = true; 
@@ -55,7 +53,7 @@ in { }; }; - networking.firewall.trustedInterfaces = ["incusbr0"]; + networking.firewall.trustedInterfaces = [ "incusbr0" ]; # FIXME https://nixpk.gs/pr-tracker.html?pr=295364 # systemd.services.incus.path = mkForce [ @@ -63,6 +61,6 @@ in { # "${config.boot.zfs.package}/lib/udev" # ]; - my.extraGroups = ["incus-admin"]; + my.extraGroups = [ "incus-admin" ]; }; } diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix index 99ce6c9..cd28372 100644 --- a/modules/nixos/ipfs.nix +++ b/modules/nixos/ipfs.nix @@ -5,13 +5,15 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.ipfs; gatewayDefaultPort = 6001; apiDefaultPort = 5001; swarmDefaultPort = 4001; -in { +in +{ options.nixfiles.modules.ipfs = { enable = mkEnableOption "IPFS daemon"; @@ -24,19 +26,13 @@ in { gatewayPort = mkOption { description = "Gateway port."; type = with types; port; - default = - if this.isHeadless - then gatewayDefaultPort + 990 - else gatewayDefaultPort; + default = if this.isHeadless then gatewayDefaultPort + 990 else gatewayDefaultPort; }; apiPort = mkOption { description = "API port."; type = with types; port; - default = - if this.isHeadless - then apiDefaultPort + 990 - else apiDefaultPort; + default = if this.isHeadless then apiDefaultPort + 990 else apiDefaultPort; }; swarmPort = mkOption { 
@@ -86,22 +82,25 @@ in { "/ip4/10.0.0.0/ipcidr/8" "/ip6/fc00::/ipcidr/7" ]; - in { + in + { Addresses = { API = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}"; Gateway = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}"; - Swarm = let - port = toString cfg.swarmPort; - in [ - "/ip4/0.0.0.0/tcp/${port}" - "/ip6/::/tcp/${port}" - "/ip4/0.0.0.0/udp/${port}/quic" - "/ip4/0.0.0.0/udp/${port}/quic-v1" - "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" - "/ip6/::/udp/${port}/quic" - "/ip6/::/udp/${port}/quic-v1" - "/ip6/::/udp/${port}/quic-v1/webtransport" - ]; + Swarm = + let + port = toString cfg.swarmPort; + in + [ + "/ip4/0.0.0.0/tcp/${port}" + "/ip6/::/tcp/${port}" + "/ip4/0.0.0.0/udp/${port}/quic" + "/ip4/0.0.0.0/udp/${port}/quic-v1" + "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" + "/ip6/::/udp/${port}/quic" + "/ip6/::/udp/${port}/quic-v1" + "/ip6/::/udp/${port}/quic-v1/webtransport" + ]; NoAnnounce = filterAddresses; }; @@ -116,7 +115,7 @@ in { }; networking.firewall = rec { - allowedTCPPorts = [swarmDefaultPort]; + allowedTCPPorts = [ swarmDefaultPort ]; allowedUDPPorts = allowedTCPPorts; }; } @@ -124,8 +123,8 @@ in { nixfiles.modules.nginx = { enable = true; upstreams = with cfg; { - kubo_gateway.servers."127.0.0.1:${toString gatewayPort}" = {}; - kubo_api.servers."127.0.0.1:${toString apiPort}" = {}; + kubo_gateway.servers."127.0.0.1:${toString gatewayPort}" = { }; + kubo_api.servers."127.0.0.1:${toString apiPort}" = { }; }; virtualHosts = { ${cfg.domain} = { @@ -135,9 +134,7 @@ in { "api.${cfg.domain}" = { locations = { "/".proxyPass = "http://kubo_api"; - "~ ^/$".return = "301 http${ - optionalString config.nixfiles.modules.acme.enable "s" - }://api.${cfg.domain}/webui"; + "~ ^/$".return = "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; }; extraConfig = libNginx.config.internalOnly; }; diff --git a/modules/nixos/jackett.nix b/modules/nixos/jackett.nix index 772e0e9..492e77a 100644 --- a/modules/nixos/jackett.nix 
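Review bot: In modules/nixos/ipfs.nix the firewall hunk opens `swarmDefaultPort`, while the `Swarm` listen addresses in the hunk above it are built from `cfg.swarmPort`. If `swarmPort` is ever set to something other than 4001, the daemon's real port stays closed and 4001 is left open with nothing expected behind it. `allowedTCPPorts = [ cfg.swarmPort ];` would keep the two in step. The default of `swarmPort` is not visible in this diff, so this may be latent rather than live.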
+++ b/modules/nixos/jackett.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.jackett; -in { +in +{ options.nixfiles.modules.jackett = { enable = mkEnableOption "Jackett"; @@ -18,11 +20,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/jackett"]; + ark.directories = [ "/var/lib/jackett" ]; nixfiles.modules.nginx = { enable = true; - upstreams.jackett.servers."127.0.0.1:9117" = {}; + upstreams.jackett.servers."127.0.0.1:9117" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://jackett"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix index 016eb50..a6efd9f 100644 --- a/modules/nixos/k3s.nix +++ b/modules/nixos/k3s.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.k3s; -in { +in +{ options.nixfiles.modules.k3s = { enable = mkEnableOption "K3s"; }; diff --git a/modules/nixos/kde.nix b/modules/nixos/kde.nix index 2f6aa92..333e9f7 100644 --- a/modules/nixos/kde.nix +++ b/modules/nixos/kde.nix @@ -4,20 +4,25 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.kde; -in { +in +{ options.nixfiles.modules.kde.enable = mkEnableOption "KDE Plasma"; config = mkIf cfg.enable { nixfiles.modules = { - common.xdg.defaultApplications."org.kde.dolphin" = ["inode/directory"]; + common.xdg.defaultApplications."org.kde.dolphin" = [ "inode/directory" ]; gnupg.pinentry = pkgs.pinentry-qt; sound.enable = true; }; hm = { + # Fucking broken. I don't want to bother with fixing this shit now. + stylix.targets.kde.enable = false; + programs.firefox.profiles.default.settings = { "widget.use-xdg-desktop-portal.file-picker" = 1; "widget.use-xdg-desktop-portal.mime-handler" = 1; 
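Review bot: The comment added above `stylix.targets.kde.enable = false;` in modules/nixos/kde.nix does not say what is broken or under which condition the target can be turned back on. A short factual comment such as `# Stylix KDE target disabled: <symptom>; re-enable once <upstream issue, placeholder> is fixed.` would let the next reader act on it. The `hm` attribute set continues outside the hunk.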
@@ -31,15 +36,13 @@ in { xdg.configFile = { "fontconfig/conf.d/10-hm-fonts.conf".force = mkForce true; "mimeapps.list".force = mkForce true; - "kcminputrc".text = generators.toINI {} { + "kcminputrc".text = generators.toINI { } { Keyboard = with config.services.xserver; { RepeatDelay = autoRepeatDelay; RepeatRate = autoRepeatInterval; }; }; - "baloofilerc".text = generators.toINI {} { - "Basic Settings"."Indexing-Enabled" = false; - }; + "baloofilerc".text = generators.toINI { } { "Basic Settings"."Indexing-Enabled" = false; }; }; }; diff --git a/modules/nixos/libvirtd.nix b/modules/nixos/libvirtd.nix index 0d58f5e..009fd24 100644 --- a/modules/nixos/libvirtd.nix +++ b/modules/nixos/libvirtd.nix @@ -4,13 +4,15 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.libvirtd; -in { +in +{ options.nixfiles.modules.libvirtd.enable = mkEnableOption "libvirtd"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/libvirt"]; + ark.directories = [ "/var/lib/libvirt" ]; hm.home.packages = with pkgs; [ bridge-utils @@ -36,7 +38,7 @@ in { ovmf = { enable = true; - packages = [pkgs.OVMFFull.fd]; + packages = [ pkgs.OVMFFull.fd ]; }; swtpm = { @@ -46,6 +48,6 @@ in { }; }; - my.extraGroups = ["libvirtd"]; + my.extraGroups = [ "libvirtd" ]; }; } diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix index 9b166cf..84d363b 100644 --- a/modules/nixos/lidarr.nix +++ b/modules/nixos/lidarr.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.lidarr; -in { +in +{ options.nixfiles.modules.lidarr = { enable = mkEnableOption "Lidarr"; 
@@ -21,11 +23,11 @@ in { config = mkIf cfg.enable { secrets.lidarr-api-key.file = "${inputs.self}/secrets/lidarr-api-key"; - ark.directories = ["/var/lib/lidarr"]; + ark.directories = [ "/var/lib/lidarr" ]; nixfiles.modules.nginx = { enable = true; - upstreams.lidarr.servers."127.0.0.1:8686" = {}; + upstreams.lidarr.servers."127.0.0.1:8686" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://lidarr"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix index ce19004..c446848 100644 --- a/modules/nixos/loki.nix +++ b/modules/nixos/loki.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.loki; -in { +in +{ options.nixfiles.modules.loki = { enable = mkEnableOption "Loki"; @@ -24,11 +26,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = [config.services.loki.configuration.common.path_prefix]; + ark.directories = [ config.services.loki.configuration.common.path_prefix ]; nixfiles.modules.nginx = with cfg; { enable = true; - upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${domain} = { locations."/".proxyPass = "http://loki"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index c65b55b..5e8a7e4 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.matrix.dendrite; -in { +in +{ options.nixfiles.modules.matrix.dendrite = { enable = mkEnableOption "Dendrite Matrix server"; @@ -24,9 +26,10 @@ in { }; }; - config = let - db = "dendrite"; - in + config = + let + db = "dendrite"; + in mkIf cfg.enable { ark.directories = [ "/var/lib/dendrite" 
@@ -46,25 +49,21 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = {}; + upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = { }; virtualHosts.${cfg.domain}.locations = { "/_matrix".proxyPass = "http://dendrite"; "= /.well-known/matrix/server" = { extraConfig = '' add_header Content-Type application/json; ''; - return = "200 '${generators.toJSON {} { - "m.server" = "${cfg.domain}:443"; - }}'"; + return = "200 '${generators.toJSON { } { "m.server" = "${cfg.domain}:443"; }}'"; }; "= /.well-known/matrix/client" = { extraConfig = '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; ''; - return = "200 '${generators.toJSON {} { - "m.homeserver".base_url = "https://${cfg.domain}"; - }}'"; + return = "200 '${generators.toJSON { } { "m.homeserver".base_url = "https://${cfg.domain}"; }}'"; }; }; }; @@ -95,7 +94,7 @@ in { }; services.postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; 
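Review bot: The nginx upstream in modules/nixos/matrix/dendrite.nix points at `config.services.dendrite.httpPort`, but the unit's `ExecStart` in the later hunk binds `127.0.0.1:${toString cfg.port}`, and `needsPrivileges` is also derived from `cfg.port`. Unless the two options are tied together somewhere outside this diff, changing `cfg.port` leaves the proxy pointed at a port nothing listens on. `upstreams.dendrite.servers."127.0.0.1:${toString cfg.port}" = { };` would read the port from the same option as the service.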
@@ -106,118 +105,134 @@ in { systemd.services.dendrite = { description = "Dendrite Matrix homeserver"; - wantedBy = ["multi-user.target"]; - requires = ["network.target" "postgresql.service"]; - after = ["network.target" "postgresql.service"]; - serviceConfig = let - needsPrivileges = cfg.port < 1024; - capabilities = [""] ++ optionals needsPrivileges ["CAP_NET_BIND_SERVICE"]; - in { - Restart = "on-failure"; - ExecStartPre = let - settings = { - version = 2; - global = { - server_name = cfg.domain; - private_key = config.secrets.dendrite-private-key.path; - database = { - connection_string = "postgresql://${db}@/${db}?host=/run/postgresql"; - max_open_conns = 64; - max_idle_connections = 8; - }; - cache = { - max_size_estimated = "1gb"; - max_age = "1h"; - }; - trusted_third_party_id_servers = [ - "matrix.org" - "nixos.org" - "vector.im" - ]; - presence = { - enable_inbound = false; - enable_outbound = false; + wantedBy = [ "multi-user.target" ]; + requires = [ + "network.target" + "postgresql.service" + ]; + after = [ + "network.target" + "postgresql.service" + ]; + serviceConfig = + let + needsPrivileges = cfg.port < 1024; + capabilities = [ "" ] ++ optionals needsPrivileges [ "CAP_NET_BIND_SERVICE" ]; + in + { + Restart = "on-failure"; + ExecStartPre = + let + settings = { + version = 2; + global = { + server_name = cfg.domain; + private_key = config.secrets.dendrite-private-key.path; + database = { + connection_string = "postgresql://${db}@/${db}?host=/run/postgresql"; + max_open_conns = 64; + max_idle_connections = 8; + }; + cache = { + max_size_estimated = "1gb"; + max_age = "1h"; + }; + trusted_third_party_id_servers = [ + "matrix.org" + "nixos.org" + "vector.im" + ]; + presence = { + enable_inbound = false; + enable_outbound = false; + }; + }; + client_api = { + registration_disabled = true; + guests_disabled = true; + registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; + }; + media_api = { + base_path = "/var/lib/dendrite/media_store"; + 
max_file_size_bytes = 0; + dynamic_thumbnails = true; + max_thumbnail_generators = 8; + thumbnail_sizes = [ + { + width = 32; + height = 32; + method = "crop"; + } + { + width = 96; + height = 96; + method = "crop"; + } + { + width = 640; + height = 480; + method = "scale"; + } + ]; + }; + logging = [ + { + type = "std"; + level = "warn"; + } + ]; }; - }; - client_api = { - registration_disabled = true; - guests_disabled = true; - registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; - }; - media_api = { - base_path = "/var/lib/dendrite/media_store"; - max_file_size_bytes = 0; - dynamic_thumbnails = true; - max_thumbnail_generators = 8; - thumbnail_sizes = [ - { - width = 32; - height = 32; - method = "crop"; - } - { - width = 96; - height = 96; - method = "crop"; - } - { - width = 640; - height = 480; - method = "scale"; - } - ]; - }; - logging = [ - { - type = "std"; - level = "warn"; - } + in + concatStringsSep " " [ + (getExe pkgs.envsubst) + "-i ${(pkgs.formats.yaml { }).generate "dendrite.yaml" settings}" + "-o /run/dendrite/dendrite.yaml" ]; - }; - in - concatStringsSep " " [ - (getExe pkgs.envsubst) - "-i ${(pkgs.formats.yaml {}).generate "dendrite.yaml" settings}" - "-o /run/dendrite/dendrite.yaml" + ExecStart = concatStringsSep " " [ + (getExe' pkgs.dendrite "dendrite") + "--config /run/dendrite/dendrite.yaml" + "--http-bind-address 127.0.0.1:${toString cfg.port}" ]; - ExecStart = concatStringsSep " " [ - (getExe' pkgs.dendrite "dendrite") - "--config /run/dendrite/dendrite.yaml" - "--http-bind-address 127.0.0.1:${toString cfg.port}" - ]; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - EnvironmentFile = config.secrets.dendrite-environment-file.path; - DynamicUser = true; - StateDirectory = "dendrite"; - RuntimeDirectory = "dendrite"; - RuntimeDirectoryMode = "0700"; - AmbientCapabilities = capabilities; - CapabilityBoundingSet = capabilities; - UMask = "0077"; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges 
= true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = !needsPrivileges; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - ProtectProc = "noaccess"; - ProcSubset = "pid"; - RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@privileged"]; - }; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + EnvironmentFile = config.secrets.dendrite-environment-file.path; + DynamicUser = true; + StateDirectory = "dendrite"; + RuntimeDirectory = "dendrite"; + RuntimeDirectoryMode = "0700"; + AmbientCapabilities = capabilities; + CapabilityBoundingSet = capabilities; + UMask = "0077"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = !needsPrivileges; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + ProtectProc = "noaccess"; + ProcSubset = "pid"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + }; }; }; } diff --git a/modules/nixos/matrix/element.nix b/modules/nixos/matrix/element.nix index 3d47800..92a2927 100644 --- a/modules/nixos/matrix/element.nix +++ b/modules/nixos/matrix/element.nix 
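Review bot: `max_file_size_bytes = 0;` under `media_api` in the dendrite unit hunk turns off Dendrite's own upload size limit (0 means unlimited there, as far as I know). Any cap then has to come from the nginx front end, whose body-size setting is not visible in this diff. Since the media store sits in the service's `StateDirectory`, an explicit bound is safer, for example `max_file_size_bytes = 10485760; # 10 MiB cap on media uploads`, with the value chosen to match the proxy limit.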
@@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.matrix.element; -in { +in +{ options.nixfiles.modules.matrix.element = { enable = mkEnableOption "Element, a Matrix web interface"; @@ -26,7 +28,8 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = with config.nixfiles.modules.matrix; + assertion = + with config.nixfiles.modules.matrix; (synapse.enable || dendrite.enable) && !(!synapse.enable && !dendrite.enable); message = "Synapse or Dendrite must be enabled"; } diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 5aed215..6e5b782 100644 --- a/modules/nixos/monitoring/default.nix +++ b/modules/nixos/monitoring/default.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.monitoring; -in { +in +{ options.nixfiles.modules.monitoring.enable = mkEnableOption '' a glue to provision a monitoring stack ''; 
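Review bot: In the assertion in modules/nixos/matrix/element.nix, `!(!synapse.enable && !dendrite.enable)` is by De Morgan the same condition as `(synapse.enable || dendrite.enable)`, so the second half adds nothing and enabling both servers at once still passes. If exactly one homeserver is intended, `synapse.enable != dendrite.enable` expresses that. If either or both is acceptable, the second clause can simply be dropped. The message text should then match whichever is meant.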
@@ -134,83 +136,93 @@ in { }; prometheus = { - scrapeConfigs = with my.configurations; + scrapeConfigs = + with my.configurations; mapAttrsToList - ( - name: value: { + (name: value: { job_name = name; static_configs = [ { - targets = with value; - map (host: + targets = + with value; + map ( + host: concatStringsSep ":" [ - ( - if isAttrs host - then host.hostname - else host - ) + (if isAttrs host then host.hostname else host) (toString port) - ]) - hosts; + ] + ) hosts; } ]; - relabel_configs = - [ - { - source_labels = ["__address__"]; - regex = "([^:]+):\\d+"; - target_label = "instance"; - } - ] - ++ optionals (hasAttr "relabel" value) value.relabel; - } - ) - { - promtail = { - hosts = [manwe varda yavanna]; - inherit (config.nixfiles.modules.promtail) port; - }; - ntfy = { - hosts = [manwe]; - inherit (config.nixfiles.modules.ntfy.prometheus) port; - }; - soju = { - hosts = ["127.0.0.1"]; - inherit (config.nixfiles.modules.soju.prometheus) port; - }; - endlessh-go = { - hosts = [manwe varda yavanna]; - inherit (config.services.endlessh-go.prometheus) port; - }; - nginx = { - hosts = [manwe yavanna]; - inherit (config.services.prometheus.exporters.nginx) port; - }; - node = { - hosts = [manwe varda yavanna]; - inherit (config.services.prometheus.exporters.node) port; - }; - postgres = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.postgres) port; - }; - redis = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.redis) port; - }; - unbound = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.unbound) port; - }; - wireguard = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.wireguard) port; - }; - exportarr-lidarr = { - hosts = [yavanna]; - inherit (config.services.prometheus.exporters.exportarr-lidarr) port; + relabel_configs = [ + { + source_labels = [ "__address__" ]; + regex = "([^:]+):\\d+"; + target_label = "instance"; + } + ] ++ optionals (hasAttr "relabel" value) 
value.relabel; + }) + { + promtail = { + hosts = [ + manwe + varda + yavanna + ]; + inherit (config.nixfiles.modules.promtail) port; + }; + ntfy = { + hosts = [ manwe ]; + inherit (config.nixfiles.modules.ntfy.prometheus) port; + }; + soju = { + hosts = [ "127.0.0.1" ]; + inherit (config.nixfiles.modules.soju.prometheus) port; + }; + endlessh-go = { + hosts = [ + manwe + varda + yavanna + ]; + inherit (config.services.endlessh-go.prometheus) port; + }; + nginx = { + hosts = [ + manwe + yavanna + ]; + inherit (config.services.prometheus.exporters.nginx) port; + }; + node = { + hosts = [ + manwe + varda + yavanna + ]; + inherit (config.services.prometheus.exporters.node) port; + }; + postgres = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.postgres) port; + }; + redis = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.redis) port; + }; + unbound = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.unbound) port; + }; + wireguard = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.wireguard) port; + }; + exportarr-lidarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-lidarr) port; + }; }; - }; ruleFiles = [ ./rules/nginx.yaml @@ -222,9 +234,7 @@ in { alertmanagers = [ { scheme = "https"; - static_configs = [ - {targets = [config.nixfiles.modules.alertmanager.domain];} - ]; + static_configs = [ { targets = [ config.nixfiles.modules.alertmanager.domain ]; } ]; } ]; }; diff --git a/modules/nixos/mpd.nix b/modules/nixos/mpd.nix index 485cde3..7c3c821 100644 --- a/modules/nixos/mpd.nix +++ b/modules/nixos/mpd.nix 
@@ -4,16 +4,18 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.mpd; -in { +in +{ options.nixfiles.modules.mpd.enable = mkEnableOption "MPD and its clients."; config = mkIf cfg.enable { nixfiles.modules.sound.enable = true; hm = { - home.packages = with pkgs; [mpc_cli]; + home.packages = with pkgs; [ mpc_cli ]; services.mpd = { enable = true; @@ -170,19 +172,31 @@ in { } { key = "J"; - command = ["select_item" "scroll_down"]; + command = [ + "select_item" + "scroll_down" + ]; } { key = "K"; - command = ["select_item" "scroll_up"]; + command = [ + "select_item" + "scroll_up" + ]; } { key = "h"; - command = ["previous_column" "master_screen"]; + command = [ + "previous_column" + "master_screen" + ]; } { key = "l"; - command = ["next_column" "slave_screen"]; + command = [ + "next_column" + "slave_screen" + ]; } { key = "g"; diff --git a/modules/nixos/mpv.nix b/modules/nixos/mpv.nix index a2b73fa..8042c1a 100644 --- a/modules/nixos/mpv.nix +++ b/modules/nixos/mpv.nix 
@@ -1,92 +1,91 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.mpv; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules.common = { shell.aliases.cam = "mpv av://v4l2:/dev/video0"; - xdg.defaultApplications.mpv = let - audio = [ - "audio/aac" - "audio/ac3" - "audio/basic" - "audio/flac" - "audio/midi" - "audio/mp4" - "audio/mpeg" - "audio/ogg" - "audio/opus" - "audio/vnd.dts" - "audio/vnd.dts.hd" - "audio/webm" - "audio/x-adpcm" - "audio/x-aifc" - "audio/x-aiff" - "audio/x-ape" - "audio/x-flac+ogg" - "audio/x-m4b" - "audio/x-m4r" - "audio/x-matroska" - "audio/x-mpegurl" - "audio/x-musepack" - "audio/x-opus+ogg" - "audio/x-speex" - "audio/x-speex+ogg" - "audio/x-vorbis+ogg" - "audio/x-wav" - "audio/x-wavpack" - "x-content/audio-cdda" - "x-content/audio-dvd" - ]; - video = [ - "video/3gpp" - "video/3gpp2" - "video/mkv" - "video/mp2t" - "video/mp4" - "video/mpeg" - "video/ogg" - "video/quicktime" - "video/vnd.mpegurl" - "video/vnd.radgamettools.bink" - "video/vnd.radgamettools.smacker" - "video/wavelet" - "video/webm" - "video/x-matroska" - "video/x-matroska-3d" - "video/x-mjpeg" - "video/x-msvideo" - "video/x-ogm+ogg" - "video/x-theora+ogg" - "x-content/video-bluray" - "x-content/video-dvd" - "x-content/video-hddvd" - "x-content/video-svcd" - "x-content/video-vcd" - ]; - image = [ - "image/avif" - "image/bmp" - "image/gif" - "image/jp2" - "image/jpeg" - "image/jpg" - "image/jpm" - "image/jpx" - "image/jxl" - "image/png" - "image/tiff" - "image/vnd.microsoft.icon" - "image/webp" - "image/webp" - "image/x-tga" - ]; - in + xdg.defaultApplications.mpv = + let + audio = [ + "audio/aac" + "audio/ac3" + "audio/basic" + "audio/flac" + "audio/midi" + "audio/mp4" + "audio/mpeg" + "audio/ogg" + "audio/opus" + "audio/vnd.dts" + "audio/vnd.dts.hd" + "audio/webm" + "audio/x-adpcm" + "audio/x-aifc" + "audio/x-aiff" + "audio/x-ape" + "audio/x-flac+ogg" + "audio/x-m4b" + "audio/x-m4r" + "audio/x-matroska" + 
"audio/x-mpegurl" + "audio/x-musepack" + "audio/x-opus+ogg" + "audio/x-speex" + "audio/x-speex+ogg" + "audio/x-vorbis+ogg" + "audio/x-wav" + "audio/x-wavpack" + "x-content/audio-cdda" + "x-content/audio-dvd" + ]; + video = [ + "video/3gpp" + "video/3gpp2" + "video/mkv" + "video/mp2t" + "video/mp4" + "video/mpeg" + "video/ogg" + "video/quicktime" + "video/vnd.mpegurl" + "video/vnd.radgamettools.bink" + "video/vnd.radgamettools.smacker" + "video/wavelet" + "video/webm" + "video/x-matroska" + "video/x-matroska-3d" + "video/x-mjpeg" + "video/x-msvideo" + "video/x-ogm+ogg" + "video/x-theora+ogg" + "x-content/video-bluray" + "x-content/video-dvd" + "x-content/video-hddvd" + "x-content/video-svcd" + "x-content/video-vcd" + ]; + image = [ + "image/avif" + "image/bmp" + "image/gif" + "image/jp2" + "image/jpeg" + "image/jpg" + "image/jpm" + "image/jpx" + "image/jxl" + "image/png" + "image/tiff" + "image/vnd.microsoft.icon" + "image/webp" + "image/webp" + "image/x-tga" + ]; + in audio ++ video ++ image; }; }; diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix index 8ac7899..7621c9e 100644 --- a/modules/nixos/murmur.nix +++ b/modules/nixos/murmur.nix @@ -4,13 +4,15 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.murmur; -in { +in +{ options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/murmur"]; + ark.directories = [ "/var/lib/murmur" ]; secrets.murmur-environment = { file = "${inputs.self}/secrets/murmur-environment"; diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix index 13cecb7..4053c38 100644 --- a/modules/nixos/nextcloud.nix +++ b/modules/nixos/nextcloud.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nextcloud; -in { +in +{ options.nixfiles.modules.nextcloud = { enable = mkEnableOption "Nextcloud"; 
@@ -21,97 +23,105 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain} = {}; + virtualHosts.${cfg.domain} = { }; }; postgresql.enable = true; }; - services = let - db = "nextcloud"; - in { - nextcloud = mkMerge [ - { - enable = true; - package = pkgs.nextcloud23; - - hostName = cfg.domain; + services = + let + db = "nextcloud"; + in + { + nextcloud = mkMerge [ + { + enable = true; + package = pkgs.nextcloud23; - appstoreEnable = false; + hostName = cfg.domain; - config = { - adminpassFile = null; # This needs to be set as secret. + appstoreEnable = false; - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbuser = db; - dbname = db; + config = { + adminpassFile = null; # This needs to be set as secret. - defaultPhoneRegion = "RU"; - }; + dbtype = "pgsql"; + dbhost = "/run/postgresql"; + dbuser = db; + dbname = db; - extraApps = let - mkNextcloudApp = { - name, - version, - hash, - }: - pkgs.fetchNextcloudApp { - inherit name version hash; - url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; - }; - in { - contacts = mkNextcloudApp { - name = "contacts"; - version = "4.0.1"; - sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; - }; - calendar = mkNextcloudApp { - name = "calendar"; - version = "3.0.5"; - sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; - }; - files_rightclick = mkNextcloudApp { - name = "files_rightclick"; - version = "23.0.1"; - sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; - }; - unsplash = mkNextcloudApp { - name = "unsplash"; - version = "1.2.4"; - sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; - }; - previewgenerator = mkNextcloudApp { - name = "previewgenerator"; - version = "3.4.1"; - sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; + defaultPhoneRegion = "RU"; }; - bruteforcesettings = mkNextcloudApp { - name = "bruteforcesettings"; - version = "2.3.0"; - sha256 = 
"sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; - }; - }; - } - (mkIf config.nixfiles.modules.acme.enable { - https = true; - config.overwriteProtocol = "https"; - }) - ]; - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensureDBOwnership = true; + extraApps = + let + mkNextcloudApp = + { + name, + version, + hash, + }: + pkgs.fetchNextcloudApp { + inherit name version hash; + url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; + }; + in + { + contacts = mkNextcloudApp { + name = "contacts"; + version = "4.0.1"; + sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; + }; + calendar = mkNextcloudApp { + name = "calendar"; + version = "3.0.5"; + sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; + }; + files_rightclick = mkNextcloudApp { + name = "files_rightclick"; + version = "23.0.1"; + sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; + }; + unsplash = mkNextcloudApp { + name = "unsplash"; + version = "1.2.4"; + sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; + }; + previewgenerator = mkNextcloudApp { + name = "previewgenerator"; + version = "3.4.1"; + sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; + }; + bruteforcesettings = mkNextcloudApp { + name = "bruteforcesettings"; + version = "2.3.0"; + sha256 = "sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; + }; + }; } + (mkIf config.nixfiles.modules.acme.enable { + https = true; + config.overwriteProtocol = "https"; + }) ]; + + postgresql = { + ensureDatabases = [ db ]; + ensureUsers = [ + { + name = db; + ensureDBOwnership = true; + } + ]; + }; }; - }; systemd = { services = { - nextcloud-setup.after = ["network-online.target" "postgresql.service"]; + nextcloud-setup.after = [ + "network-online.target" + "postgresql.service" + ]; nextcloud-preview-generate-cron.serviceConfig = { Type = "oneshot"; 
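Review bot: `mkNextcloudApp` in modules/nixos/nextcloud.nix destructures `{ name, version, hash }` with no `...`, yet every entry in `extraApps` passes `sha256 = "…"`. Evaluating that attribute set therefore fails on the unexpected `sha256` argument and the missing `hash` once the module is enabled. Either rename the argument at the call sites, e.g. `hash = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE=";`, or have the function accept `sha256`. Separately, `package = pkgs.nextcloud23;` pins a release line that I believe is past upstream end of life, which is worth confirming for a service exposed through nginx.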
@@ -121,7 +131,7 @@ in { }; timers.nextcloud-preview-generate = { - wantedBy = ["timers.target"]; + wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "15m"; OnUnitActiveSec = "15m"; diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 05c6a06..ed34237 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nginx; -in { +in +{ options.nixfiles.modules.nginx = { enable = mkEnableOption "Nginx"; @@ -62,8 +64,9 @@ in { '' add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' - (optionalString (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; '' + (optionalString (hasAttr "wireguard" this) ( + with config.nixfiles.modules.wireguard; + '' geo $internal { default 0; 127.0.0.1/32 1; @@ -71,7 +74,8 @@ in { ${ipv4.subnet} 1; ${ipv6.subnet} 1; } - '')) + '' + )) ]; inherit (cfg) upstreams; @@ -84,15 +88,18 @@ in { locations."/".return = "444"; }; } - // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr: - mkMerge [ - attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = mkDefault true; - forceSSL = mkDefault true; - }) - ]) - cfg.virtualHosts)); + // (mkIf (cfg.virtualHosts != null) ( + mapAttrs ( + _: attr: + mkMerge [ + attr + (mkIf config.nixfiles.modules.acme.enable { + enableACME = mkDefault true; + forceSSL = mkDefault true; + }) + ] + ) cfg.virtualHosts + )); }; fail2ban.jails = { @@ -107,6 +114,9 @@ in { }; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; }; } diff --git a/modules/nixos/node-exporter.nix b/modules/nixos/node-exporter.nix index 43f48f6..8e76903 100644 --- a/modules/nixos/node-exporter.nix +++ b/modules/nixos/node-exporter.nix 
@@ -4,9 +4,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.node-exporter; -in { +in +{ options.nixfiles.modules.node-exporter.enable = mkEnableOption "Prometheus Node Exporter"; config = mkIf cfg.enable { diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix index ae72f1d..f44a2a0 100644 --- a/modules/nixos/nsd.nix +++ b/modules/nixos/nsd.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nsd; -in { +in +{ options.nixfiles.modules.nsd = { enable = mkEnableOption "NSD"; 
@@ -19,194 +21,208 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.nginx = let - domain = my.domain.shire; - in { - enable = true; - virtualHosts = mapAttrs' (_: v: - nameValuePair "mta-sts.${v}" { - locations."= /.well-known/mta-sts.txt" = { - extraConfig = '' - add_header default_type text/plain; - ''; - return = "200 '${concatStringsSep "\\r\\n" [ - "version: STSv1" - "mode: enforce" - "max_age: 2419200" - "mx: ${domain}" - ]}'"; - }; - }) - my.domain; - }; + nixfiles.modules.nginx = + let + domain = my.domain.shire; + in + { + enable = true; + virtualHosts = mapAttrs' ( + _: v: + nameValuePair "mta-sts.${v}" { + locations."= /.well-known/mta-sts.txt" = { + extraConfig = '' + add_header default_type text/plain; + ''; + return = "200 '${ + concatStringsSep "\\r\\n" [ + "version: STSv1" + "mode: enforce" + "max_age: 2419200" + "mx: ${domain}" + ] + }'"; + }; + } + ) my.domain; + }; services = { nsd = { enable = true; - interfaces = with this; [ipv4.address ipv6.address]; + interfaces = with this; [ + ipv4.address + ipv6.address + ]; ipTransparent = true; ratelimit.enable = true; - zones = let - dns = inputs.dns.lib; - in - with dns.combinators; let - ips = hostname: - with my.configurations.${hostname}; { - A = [(a ipv4.address)]; - AAAA = [(aaaa ipv6.address)]; + zones = + let + dns = inputs.dns.lib; + in + with dns.combinators; + let + ips = + hostname: with my.configurations.${hostname}; { + A = [ (a ipv4.address) ]; + AAAA = [ (aaaa ipv6.address) ]; }; - mkEmailEntries = { - domain ? my.domain.shire, - dkimKey ? null, - }: { - MX = [(mx.mx 10 "${my.domain.shire}.")]; - TXT = [(spf.soft ["a"])]; - DMARC = [ - { - p = "quarantine"; - sp = "quarantine"; - rua = ["mailto:admin+rua@${domain}"]; - ruf = ["mailto:admin+ruf@${domain}"]; - } - ]; - DKIM = optional (dkimKey != null) { - selector = "mail"; - p = dkimKey; + mkEmailEntries = + { + domain ? my.domain.shire, + dkimKey ? 
null, + }: + { + MX = [ (mx.mx 10 "${my.domain.shire}.") ]; + TXT = [ (spf.soft [ "a" ]) ]; + DMARC = [ + { + p = "quarantine"; + sp = "quarantine"; + rua = [ "mailto:admin+rua@${domain}" ]; + ruf = [ "mailto:admin+ruf@${domain}" ]; + } + ]; + DKIM = optional (dkimKey != null) { + selector = "mail"; + p = dkimKey; + }; + subdomains._mta-sts.TXT = [ "v=STSv1; id=20230506134541Z" ]; }; - subdomains._mta-sts.TXT = ["v=STSv1; id=20230506134541Z"]; - }; - mkZone = { - domain, - sldIps ? (ips "manwe"), - extra ? {}, - }: { - ${domain}.data = dns.toString domain (mkMerge [ - { - TTL = 60 * 60; + mkZone = + { + domain, + sldIps ? (ips "manwe"), + extra ? { }, + }: + { + ${domain}.data = dns.toString domain (mkMerge [ + { + TTL = 60 * 60; - SOA = { - nameServer = "${cfg.fqdn}."; - adminEmail = "admin+dns@${my.domain.shire}"; - serial = 2022091601; # Don't forget to bump the revision! - }; + SOA = { + nameServer = "${cfg.fqdn}."; + adminEmail = "admin+dns@${my.domain.shire}"; + serial = 2022091601; # Don't forget to bump the revision! 
+ }; - NS = with my.domain; [ - "ns1.${shire}" - # "ns2.${shire}" - ]; + NS = with my.domain; [ + "ns1.${shire}" + # "ns2.${shire}" + ]; - CAA = letsEncrypt "admin+caa@${my.domain.shire}"; - } - sldIps - extra - ]); - }; + CAA = letsEncrypt "admin+caa@${my.domain.shire}"; + } + sldIps + extra + ]); + }; # https://ariadne.id/ # https://docs.keyoxide.org/service-providers/dns/ - ariadneIdProof.TXT = ["openpgp4fpr:${my.pgp.fingerprint}"]; + ariadneIdProof.TXT = [ "openpgp4fpr:${my.pgp.fingerprint}" ]; in - mkMerge [ - (mkZone rec { - domain = my.domain.shire; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains = rec { - manwe = ips "manwe"; - "*.manwe" = manwe; - varda = ips "varda"; - "*.varda" = varda; - yavanna = ips "yavanna"; - "*.yavanna" = yavanna; - - mta-sts = manwe; - - ns1 = manwe; - # ns2 = varda; - - alertmanager = manwe; - bitwarden = manwe; - git = manwe; - grafana = manwe; - loki = manwe; - ntfy = manwe; - plausible = manwe; - prometheus = manwe; - radicale = manwe; - rss-bridge = manwe; - vaultwarden = manwe; - - flood = yavanna; - jackett = yavanna; - lidarr = yavanna; - }; - } - ]; - }) - (mkZone rec { - domain = my.domain.azahi; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - ariadneIdProof - { - subdomains = { - mta-sts = ips "manwe"; + mkMerge [ + (mkZone rec { + domain = my.domain.shire; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains = rec { + manwe = ips "manwe"; + "*.manwe" = manwe; + varda = ips "varda"; + "*.varda" = varda; + yavanna = ips "yavanna"; + "*.yavanna" = yavanna; + + mta-sts = manwe; + + ns1 = manwe; + # ns2 = varda; + + alertmanager = manwe; + bitwarden = manwe; + git = manwe; + grafana = manwe; + loki = manwe; + ntfy = manwe; + plausible = manwe; + prometheus = manwe; + radicale = manwe; + rss-bridge = manwe; + vaultwarden = manwe; + + flood = yavanna; + jackett = yavanna; + 
lidarr = yavanna; + }; + } + ]; + }) + (mkZone rec { + domain = my.domain.azahi; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + ariadneIdProof + { + subdomains = { + mta-sts = ips "manwe"; - git = ips "manwe"; - }; - } - ]; - }) - (mkZone rec { - domain = my.domain.gondor; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains = { - mta-sts = ips "manwe"; + git = ips "manwe"; + }; + } + ]; + }) + (mkZone rec { + domain = my.domain.gondor; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains = { + mta-sts = ips "manwe"; - frodo = ips "manwe" // ariadneIdProof; - }; - } - ]; - }) - (mkZone rec { - domain = my.domain.rohan; - extra = mkMerge [ - (mkEmailEntries { - inherit domain; - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains = { - mta-sts = ips "manwe"; + frodo = ips "manwe" // ariadneIdProof; + }; + } + ]; + }) + (mkZone rec { + domain = my.domain.rohan; + extra = mkMerge [ + (mkEmailEntries { + inherit domain; + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains = { + mta-sts = ips "manwe"; - frodo = ips "manwe" // ariadneIdProof; - }; - } - ]; - }) - ]; + frodo = ips "manwe" // ariadneIdProof; + }; + } + ]; + }) + ]; }; fail2ban.jails.nsd.enabled = true; }; networking.firewall = rec { - allowedTCPPorts = [53]; + allowedTCPPorts = [ 53 ]; allowedUDPPorts = allowedTCPPorts; }; }; diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix index 037f84a..5739855 100644 --- a/modules/nixos/ntfy.nix +++ b/modules/nixos/ntfy.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.ntfy; -in { +in +{ options.nixfiles.modules.ntfy = { enable = mkEnableOption "ntfy"; 
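Review bot: In the `= /.well-known/mta-sts.txt` location of the nsd.nix hunk, `add_header default_type text/plain;` does not set the media type; it emits a response header literally named `default_type`. The Content-Type of the policy then depends on nginx's MIME mapping for the `.txt` suffix or on the server-wide default, neither of which is visible in this hunk. RFC 8461 requires the policy to be served as `text/plain`, and with `mode: enforce` a policy that senders cannot accept silently loses the TLS guarantee, so set it explicitly with the directive `default_type text/plain;`. The reformatting carries the line over unchanged from the old side.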
@@ -24,7 +26,9 @@ in { }; prometheus = { - enable = mkEnableOption "Prometheus exporter." // {default = true;}; + enable = mkEnableOption "Prometheus exporter." // { + default = true; + }; address = mkOption { description = "Address."; @@ -41,11 +45,11 @@ in { }; config = mkIf cfg.enable { - ark.files = [config.services.ntfy-sh.settings.auth-file]; + ark.files = [ config.services.ntfy-sh.settings.auth-file ]; nixfiles.modules.nginx = { enable = true; - upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = {}; + upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = { }; virtualHosts.${cfg.domain} = { locations = { "/" = { @@ -67,7 +71,8 @@ in { base-url = "https://${cfg.domain}"; behind-proxy = true; enable-metrics = cfg.prometheus.enable; - metrics-listen-http = with cfg.prometheus; + metrics-listen-http = + with cfg.prometheus; optionalString cfg.prometheus.enable "${address}:${toString port}"; }; }; diff --git a/modules/nixos/nullmailer.nix b/modules/nixos/nullmailer.nix index 193b109..9f7b4ac 100644 --- a/modules/nixos/nullmailer.nix +++ b/modules/nixos/nullmailer.nix @@ -4,9 +4,11 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nullmailer; -in { +in +{ options.nixfiles.modules.nullmailer.enable = mkEnableOption "Nullmailer"; config = mkIf cfg.enable { diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 4324e45..9b82757 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.openssh; -in { +in +{ options.nixfiles.modules.openssh.server = { enable = mkEnableOption "OpenSSH server"; 
@@ -29,15 +27,12 @@ in { services = { openssh = { enable = true; - ports = [cfg.server.port]; + ports = [ cfg.server.port ]; settings = { ClientAliveCountMax = 3; ClientAliveInterval = 60; KbdInteractiveAuthentication = false; - LogLevel = - if config.nixfiles.modules.fail2ban.enable - then "VERBOSE" - else "ERROR"; + LogLevel = if config.nixfiles.modules.fail2ban.enable then "VERBOSE" else "ERROR"; MaxAuthTries = 3; PasswordAuthentication = false; PermitRootLogin = mkForce "no"; diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 8de54d2..d63e3ab 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix @@ -4,9 +4,11 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.plausible; -in { +in +{ options.nixfiles.modules.plausible = { enable = mkEnableOption "Plausible Analytics"; @@ -23,15 +25,18 @@ in { }; }; - config = let - db = "plausible"; - in + config = + let + db = "plausible"; + in mkIf cfg.enable { _module.args.libPlausible = { - htmlPlausibleScript = { - domain ? "$host", - src ? "https://${cfg.domain}/js/script.js", - }: ''<script defer data-domain="${domain}" src="${src}"></script>''; + htmlPlausibleScript = + { + domain ? "$host", + src ? "https://${cfg.domain}/js/script.js", + }: + ''<script defer data-domain="${domain}" src="${src}"></script>''; }; secrets = { @@ -43,7 +48,7 @@ in { nixfiles.modules = { nginx = { enable = true; - upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain}.locations."/" = { proxyPass = "http://plausible"; proxyWebsockets = true; @@ -62,7 +67,7 @@ in { }; services.postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; diff --git a/modules/nixos/podman.nix b/modules/nixos/podman.nix index 5e369a6..bb4fda5 100644 --- a/modules/nixos/podman.nix +++ b/modules/nixos/podman.nix 
@@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.podman; -in { +in +{ options.nixfiles.modules.podman.enable = mkEnableOption "Podman"; config = mkIf cfg.enable { @@ -29,13 +31,13 @@ in { virtualisation.podman.enable = true; - environment.systemPackages = with pkgs; [podman-compose]; + environment.systemPackages = with pkgs; [ podman-compose ]; - my.extraGroups = ["podman"]; + my.extraGroups = [ "podman" ]; hm.xdg.configFile = { "containers/registries.conf".source = pkgs.writers.writeTOML "containers-registries.toml" { - registries.search.registries = ["docker.io"]; + registries.search.registries = [ "docker.io" ]; }; "containers/storage.conf".source = pkgs.writers.writeTOML "containers-storage.toml" { diff --git a/modules/nixos/postgresql.nix b/modules/nixos/postgresql.nix index 89b24b8..5081340 100644 --- a/modules/nixos/postgresql.nix +++ b/modules/nixos/postgresql.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.postgresql; -in { +in +{ options.nixfiles.modules.postgresql = { enable = mkEnableOption "PostgreSQL"; @@ -19,7 +21,7 @@ in { extraPostStart = mkOption { type = with types; listOf str; - default = []; + default = [ ]; description = '' Additional post-startup commands. @@ -37,7 +39,7 @@ in { } ]; - ark.directories = [config.services.postgresql.dataDir]; + ark.directories = [ config.services.postgresql.dataDir ]; services = { postgresql = { 
@@ -72,21 +74,25 @@ in { }; }; - systemd.services.postgresql.postStart = optionalString (cfg.extraPostStart != []) concatLines cfg.extraPostStart; + systemd.services.postgresql.postStart = optionalString ( + cfg.extraPostStart != [ ] + ) concatLines cfg.extraPostStart; - environment.sessionVariables.PSQLRC = toString (pkgs.writeText "psqlrc" '' - \set QUIET 1 + environment.sessionVariables.PSQLRC = toString ( + pkgs.writeText "psqlrc" '' + \set QUIET 1 - \timing - \x auto - \pset null '[NULL]' - \set PROMPT1 '%[%033[1m%]%M %n@%/%R%[%033[0m%]% λ ' - \set PROMPT2 ' … > ' - \set VERBOSITY verbose - \set HISTCONTROL ignoredups - \set HISTFILE /dev/null + \timing + \x auto + \pset null '[NULL]' + \set PROMPT1 '%[%033[1m%]%M %n@%/%R%[%033[0m%]% λ ' + \set PROMPT2 ' … > ' + \set VERBOSITY verbose + \set HISTCONTROL ignoredups + \set HISTFILE /dev/null - \unset QUIET - ''); + \unset QUIET + '' + ); }; } diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index 2027758..93c46e3 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.default; -in { +in +{ imports = [ ./dev ./headful.nix @@ -14,7 +16,7 @@ in { ]; config = mkIf cfg.enable { - ark.directories = ["/var/log"]; + ark.directories = [ "/var/log" ]; programs.less = { enable = true; diff --git a/modules/nixos/profiles/dev/containers.nix b/modules/nixos/profiles/dev/containers.nix index 67754c0..d2a7d62 100644 --- a/modules/nixos/profiles/dev/containers.nix +++ b/modules/nixos/profiles/dev/containers.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.dev.containers; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules = { common.shell.aliases.b = "buildah"; 
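Review bot: `optionalString (cfg.extraPostStart != [ ]) concatLines cfg.extraPostStart` passes `concatLines` itself as the string argument and then applies the result to the list, because function application is left-associative. With a non-empty list this happens to reduce to `concatLines cfg.extraPostStart`. With the option's default `[ ]`, `optionalString` returns `""` and Nix then tries to call a string, which aborts evaluation once `postStart` is forced. The new line wrapping makes the grouping look intentional, so parenthesise the second argument: `optionalString (cfg.extraPostStart != [ ]) (concatLines cfg.extraPostStart)`.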
@@ -17,10 +19,10 @@ in { home = { sessionVariables.MINIKUBE_HOME = "${config.dirs.config}/minikube"; - packages = with pkgs; [buildah]; + packages = with pkgs; [ buildah ]; }; - xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { + xdg.dataFile."minikube/config/config.json".text = generators.toJSON { } { config.Rootless = true; driver = "podman"; container-runtime = "cri-o"; diff --git a/modules/nixos/profiles/dev/default.nix b/modules/nixos/profiles/dev/default.nix index 5253e95..d2411ea 100644 --- a/modules/nixos/profiles/dev/default.nix +++ b/modules/nixos/profiles/dev/default.nix @@ -4,12 +4,12 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.dev; -in { - imports = [ - ./containers.nix - ]; +in +{ + imports = [ ./containers.nix ]; config = mkIf cfg.enable { hm.home.language = { diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index d8e1699..8206aa8 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.headful; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules = { chromium.enable = true; @@ -77,7 +79,7 @@ in { psd.enable = true; }; - environment.systemPackages = with pkgs; [lm_sensors]; + environment.systemPackages = with pkgs; [ lm_sensors ]; my.extraGroups = [ "audio" diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix index d1fcfa4..f3f3572 100644 --- a/modules/nixos/profiles/headless.nix +++ b/modules/nixos/profiles/headless.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.profiles.headless; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules = { openssh.server.enable = true; @@ -33,7 +35,7 @@ in { optimise = { automatic = true; - dates = ["daily"]; + dates = [ "daily" ]; }; }; 
diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix index 0320e82..9f28cd5 100644 --- a/modules/nixos/prometheus.nix +++ b/modules/nixos/prometheus.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.prometheus; -in { +in +{ options.nixfiles.modules.prometheus = { enable = mkEnableOption "Prometheus"; @@ -26,7 +28,7 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; - upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${domain} = { locations."/".proxyPass = "http://prometheus"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/promtail.nix b/modules/nixos/promtail.nix index 28dc897..65d88d4 100644 --- a/modules/nixos/promtail.nix +++ b/modules/nixos/promtail.nix @@ -4,9 +4,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.promtail; -in { +in +{ options.nixfiles.modules.promtail = { enable = mkEnableOption "Promtail"; @@ -25,7 +27,7 @@ in { filters = mkOption { description = ''Filters to use with "scrape_config.pipeline_stages".''; type = with types; listOf attrs; - default = []; + default = [ ]; }; }; 
@@ -64,60 +66,63 @@ in { job_name = "journal"; journal.max_age = "24h"; relabel_configs = - map (n: let - label = toLower n; - in { - source_labels = ["__journal_${label}"]; - target_label = - if hasPrefix "_" label - then substring 1 (stringLength label - 1) label - else label; - }) [ - # Derived from systemd.journal fields[1]. - # - # [1]: https://github.com/coreos/go-systemd/blob/main/sdjournal/journal.go#L335 - # [1]: https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html + map + ( + n: + let + label = toLower n; + in + { + source_labels = [ "__journal_${label}" ]; + target_label = if hasPrefix "_" label then substring 1 (stringLength label - 1) label else label; + } + ) + [ + # Derived from systemd.journal fields[1]. + # + # [1]: https://github.com/coreos/go-systemd/blob/main/sdjournal/journal.go#L335 + # [1]: https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html - "MESSAGE" - # "MESSAGE_ID" - "PRIORITY" - # "CODE_FILE" - # "CODE_LINE" - # "CODE_FUNC" - # "ERRNO" - "SYSLOG_FACILITY" - "SYSLOG_IDENTIFIER" - # "SYSLOG_PID" - # "_PID" - # "_UID" - # "_GID" - # "_COMM" - # "_EXE" - "_CMDLINE" - # "_CAP_EFFECTIVE" - # "_AUDIT_SESSION" - # "_AUDIT_LOGINUID" - # "_SYSTEMD_CGROUP" - # "_SYSTEMD_SESSION" - # "_SYSTEMD_UNIT" - # "_SYSTEMD_USER_UNIT" - # "_SYSTEMD_OWNER_UID" - # "_SYSTEMD_SLICE" - # "_SELINUX_CONTEXT" - # "_SOURCE_REALTIME_TIMESTAMP" - # "_BOOT_ID" - # "_MACHINE_ID" - "_HOSTNAME" - # "_TRANSPORT" - # "__CURSOR" - # "__REALTIME_TIMESTAMP" - # "__MONOTONIC_TIMESTAMP" - ] + "MESSAGE" + # "MESSAGE_ID" + "PRIORITY" + # "CODE_FILE" + # "CODE_LINE" + # "CODE_FUNC" + # "ERRNO" + "SYSLOG_FACILITY" + "SYSLOG_IDENTIFIER" + # "SYSLOG_PID" + # "_PID" + # "_UID" + # "_GID" + # "_COMM" + # "_EXE" + "_CMDLINE" + # "_CAP_EFFECTIVE" + # "_AUDIT_SESSION" + # "_AUDIT_LOGINUID" + # "_SYSTEMD_CGROUP" + # "_SYSTEMD_SESSION" + # "_SYSTEMD_UNIT" + # "_SYSTEMD_USER_UNIT" + # "_SYSTEMD_OWNER_UID" + # "_SYSTEMD_SLICE" + # 
"_SELINUX_CONTEXT" + # "_SOURCE_REALTIME_TIMESTAMP" + # "_BOOT_ID" + # "_MACHINE_ID" + "_HOSTNAME" + # "_TRANSPORT" + # "__CURSOR" + # "__REALTIME_TIMESTAMP" + # "__MONOTONIC_TIMESTAMP" + ] ++ [ { # This is weird. I can't find where is this defined in the # source code but apparently it exists. - source_labels = ["__journal_priority_keyword"]; + source_labels = [ "__journal_priority_keyword" ]; target_label = "level"; } ]; diff --git a/modules/nixos/psd.nix b/modules/nixos/psd.nix index eb5a1a8..f974af2 100644 --- a/modules/nixos/psd.nix +++ b/modules/nixos/psd.nix @@ -4,15 +4,16 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.psd; -in { - options.nixfiles.modules.psd.enable = - mkEnableOption "Profile Sync Daemon"; +in +{ + options.nixfiles.modules.psd.enable = mkEnableOption "Profile Sync Daemon"; config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [profile-sync-daemon]; + home.packages = with pkgs; [ profile-sync-daemon ]; xdg.configFile."psd/psd.conf".text = '' USE_OVERLAYFS="yes" 
@@ -20,40 +21,42 @@ in { }; systemd.user = { - services = let - exe = getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; - in { - psd = { - unitConfig = { - Description = "Profile-sync-daemon"; - Wants = ["psd-resync.service"]; - RequiresMountsFor = "/home/"; - After = ["local-fs.target"]; - }; - serviceConfig = { - RemainAfterExit = true; - ExecStart = "${exe} startup"; - ExecStop = "${exe} unsync"; + services = + let + exe = getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; + in + { + psd = { + unitConfig = { + Description = "Profile-sync-daemon"; + Wants = [ "psd-resync.service" ]; + RequiresMountsFor = "/home/"; + After = [ "local-fs.target" ]; + }; + serviceConfig = { + RemainAfterExit = true; + ExecStart = "${exe} startup"; + ExecStop = "${exe} unsync"; + }; + wantedBy = [ "graphical.target" ]; }; - wantedBy = ["graphical.target"]; - }; - psd-resync = { - unitConfig = { - Description = "Profile-sync-daemon resync"; - After = ["psd.service"]; - Wants = ["psd-resync.timer"]; - BindsTo = ["psd.service"]; + psd-resync = { + unitConfig = { + Description = "Profile-sync-daemon resync"; + After = [ "psd.service" ]; + Wants = [ "psd-resync.timer" ]; + BindsTo = [ "psd.service" ]; + }; + serviceConfig.ExecStart = "${exe} resync"; + wantedBy = [ "graphical.target" ]; }; - serviceConfig.ExecStart = "${exe} resync"; - wantedBy = ["graphical.target"]; }; - }; timers.psd-resync = { unitConfig = { Description = "Profile-sync-daemon resync timer"; - BindsTo = ["psd.service"]; + BindsTo = [ "psd.service" ]; }; timerConfig.OnUnitActiveSec = "1h"; }; diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix index 72abfac..9e4e13f 100644 --- a/modules/nixos/radarr.nix +++ b/modules/nixos/radarr.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.radarr; -in { +in +{ options.nixfiles.modules.radarr = { enable = mkEnableOption "Radarr"; 
@@ -18,11 +20,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/radarr"]; + ark.directories = [ "/var/lib/radarr" ]; nixfiles.modules.nginx = { enable = true; - upstreams.radarr.servers."127.0.0.1:7878" = {}; + upstreams.radarr.servers."127.0.0.1:7878" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radarr"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix index 588ed51..59fb4a2 100644 --- a/modules/nixos/radicale.nix +++ b/modules/nixos/radicale.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.radicale; -in { +in +{ options.nixfiles.modules.radicale = { enable = mkEnableOption "Radicale"; @@ -18,11 +20,12 @@ in { }; }; - config = let - port = 5232; - in + config = + let + port = 5232; + in mkIf cfg.enable { - ark.directories = ["/var/lib/radicale"]; + ark.directories = [ "/var/lib/radicale" ]; secrets.radicale-htpasswd = { file = "${inputs.self}/secrets/radicale-htpasswd"; @@ -32,7 +35,7 @@ in { nixfiles.modules.nginx = { enable = true; - upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; + upstreams.radicale.servers."127.0.0.1:${toString port}" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radicale"; extraConfig = libNginx.config.internalOnly; @@ -42,7 +45,7 @@ in { services.radicale = { enable = true; settings = { - server.hosts = ["127.0.0.1:${toString port}"]; + server.hosts = [ "127.0.0.1:${toString port}" ]; web.type = "none"; auth = { type = "htpasswd"; diff --git a/modules/nixos/redis.nix b/modules/nixos/redis.nix index ca25101..e2151c7 100644 --- a/modules/nixos/redis.nix +++ b/modules/nixos/redis.nix 
@@ -4,13 +4,15 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.redis; -in { +in +{ options.nixfiles.modules.redis.enable = mkEnableOption "Redis"; config = mkIf cfg.enable { - ark.directories = ["/var/lib/redis-default"]; + ark.directories = [ "/var/lib/redis-default" ]; services = { redis = { diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix index 486f2bf..de1d6b6 100644 --- a/modules/nixos/rss-bridge.nix +++ b/modules/nixos/rss-bridge.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.rss-bridge; -in { +in +{ options.nixfiles.modules.rss-bridge = { enable = mkEnableOption "RSS-Bridge"; @@ -18,7 +20,7 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/rss-bridge"]; + ark.directories = [ "/var/lib/rss-bridge" ]; nixfiles.modules.nginx = { enable = true; @@ -28,7 +30,7 @@ in { services.rss-bridge = { enable = true; virtualHost = cfg.domain; - whitelist = ["*"]; + whitelist = [ "*" ]; }; }; } diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix index c39f306..82ef1b2 100644 --- a/modules/nixos/rtorrent.nix +++ b/modules/nixos/rtorrent.nix @@ -5,14 +5,18 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.rtorrent; -in { +in +{ options.nixfiles.modules.rtorrent = { enable = mkEnableOption "rTorrent"; flood = { - enable = mkEnableOption "Flood" // {default = cfg.enable;}; + enable = mkEnableOption "Flood" // { + default = cfg.enable; + }; domain = mkOption { description = "Domain name sans protocol scheme."; 
@@ -22,202 +26,223 @@ in { }; }; - config = let - user = "rtorrent"; - group = "rtorrent"; - baseDir = "/var/lib/rtorrent"; - rpcSocket = "${baseDir}/rpc.socket"; - in + config = + let + user = "rtorrent"; + group = "rtorrent"; + baseDir = "/var/lib/rtorrent"; + rpcSocket = "${baseDir}/rpc.socket"; + in mkIf cfg.enable (mkMerge [ - (let - port = 50000; - in { - ark.directories = [baseDir]; - - systemd = { - services.rtorrent = { - description = "rTorrent"; - after = ["network.target" "local-fs.target"]; - serviceConfig = let - leechDir = "${baseDir}/leech"; - seedDir = "${baseDir}/seed"; - sessionDir = "${baseDir}/session"; - logDir = "${baseDir}/log"; - configFile = let - moveCompleted = getExe (pkgs.writeShellApplication { - name = "move-completed"; - runtimeInputs = with pkgs; [ - coreutils-full - gnused - findutils + ( + let + port = 50000; + in + { + ark.directories = [ baseDir ]; + + systemd = { + services.rtorrent = { + description = "rTorrent"; + after = [ + "network.target" + "local-fs.target" + ]; + serviceConfig = + let + leechDir = "${baseDir}/leech"; + seedDir = "${baseDir}/seed"; + sessionDir = "${baseDir}/session"; + logDir = "${baseDir}/log"; + configFile = + let + moveCompleted = getExe ( + pkgs.writeShellApplication { + name = "move-completed"; + runtimeInputs = with pkgs; [ + coreutils-full + gnused + findutils + ]; + text = '' + set -x + + leech_path="$1" + seed_path="$2" + # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')" + + mkdir -pv "$seed_path" + mv -fv "$leech_path" "$seed_path" + ''; + } + ); + in + pkgs.writeText "rtorrent.rc" '' + method.insert = cfg.leech, private|const|string, (cat, "${leechDir}") + method.insert = cfg.seed, private|const|string, (cat, "${seedDir}") + method.insert = cfg.session, private|const|string, (cat, "${sessionDir}") + method.insert = cfg.log, private|const|string, (cat, "${logDir}") + method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}") + + directory.default.set 
= (cat, (cfg.leech)) + session.path.set = (cat, (cfg.session)) + + network.port_range.set = ${toString port}-${toString port} + network.port_random.set = no + + dht.mode.set = disable + protocol.pex.set = no + + trackers.use_udp.set = no + + protocol.encryption.set = allow_incoming,try_outgoing,enable_retry + + pieces.memory.max.set = ${toString (pow 2 11)}M + pieces.preload.type.set = 2 + + network.xmlrpc.size_limit.set = ${toString (pow 2 17)} + + network.max_open_files.set = ${toString (pow 2 10)} + network.max_open_sockets.set = ${toString (pow 2 10)} + + network.http.max_open.set = ${toString (pow 2 8)} + + throttle.global_down.max_rate.set_kb = 0 + throttle.global_up.max_rate.set_kb = 0 + + encoding.add = UTF-8 + system.umask.set = 0027 + system.cwd.set = (directory.default) + + network.scgi.open_local = (cat, (cfg.rpcsocket)) + + method.insert = d.move_completed, simple, "\ + d.directory.set=$argument.1=;\ + execute=${moveCompleted}, $argument.0=, $argument.1=;\ + d.save_full_session=\ + " + method.insert = d.leech_path, simple, "\ + if=(d.is_multi_file),\ + (cat, (d.directory), /),\ + (cat, (d.directory), /, (d.name))\ + " + method.insert = d.seed_path, simple, "\ + cat=$cfg.seed=, /, $d.custom1=\ + " + method.set_key = event.download.finished, move_complete, "\ + d.move_completed=$d.leech_path=, $d.seed_path=\ + " + + log.open_file = "log", (cat, (cfg.log), "/", "default.log") + log.add_output = "info", "log" + log.execute = (cat, (cfg.log), "/", "execute.log") + ''; + in + { + Restart = "on-failure"; + RestartSec = 3; + + KillMode = "process"; + KillSignal = "SIGHUP"; + + User = user; + Group = group; + + ExecStartPre = concatStringsSep " " [ + "${pkgs.coreutils-full}/bin/mkdir -p" + leechDir + seedDir + sessionDir + logDir + ]; + ExecStart = concatStringsSep " " [ + (getExe pkgs.rtorrent) + "-n" + "-o system.daemon.set=true" + "-o network.bind_address.set=0.0.0.0" + "-o import=${configFile}" + ]; + ExecStop = concatStringsSep " " [ + 
"${pkgs.coreutils-full}/bin/rm -rf" + rpcSocket ]; - text = '' - set -x - - leech_path="$1" - seed_path="$2" - # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')" - - mkdir -pv "$seed_path" - mv -fv "$leech_path" "$seed_path" - ''; - }); - in - pkgs.writeText "rtorrent.rc" '' - method.insert = cfg.leech, private|const|string, (cat, "${leechDir}") - method.insert = cfg.seed, private|const|string, (cat, "${seedDir}") - method.insert = cfg.session, private|const|string, (cat, "${sessionDir}") - method.insert = cfg.log, private|const|string, (cat, "${logDir}") - method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}") - - directory.default.set = (cat, (cfg.leech)) - session.path.set = (cat, (cfg.session)) - - network.port_range.set = ${toString port}-${toString port} - network.port_random.set = no - - dht.mode.set = disable - protocol.pex.set = no - - trackers.use_udp.set = no - - protocol.encryption.set = allow_incoming,try_outgoing,enable_retry - - pieces.memory.max.set = ${toString (pow 2 11)}M - pieces.preload.type.set = 2 - - network.xmlrpc.size_limit.set = ${toString (pow 2 17)} - - network.max_open_files.set = ${toString (pow 2 10)} - network.max_open_sockets.set = ${toString (pow 2 10)} - - network.http.max_open.set = ${toString (pow 2 8)} - - throttle.global_down.max_rate.set_kb = 0 - throttle.global_up.max_rate.set_kb = 0 - - encoding.add = UTF-8 - system.umask.set = 0027 - system.cwd.set = (directory.default) - - network.scgi.open_local = (cat, (cfg.rpcsocket)) - - method.insert = d.move_completed, simple, "\ - d.directory.set=$argument.1=;\ - execute=${moveCompleted}, $argument.0=, $argument.1=;\ - d.save_full_session=\ - " - method.insert = d.leech_path, simple, "\ - if=(d.is_multi_file),\ - (cat, (d.directory), /),\ - (cat, (d.directory), /, (d.name))\ - " - method.insert = d.seed_path, simple, "\ - cat=$cfg.seed=, /, $d.custom1=\ - " - method.set_key = event.download.finished, move_complete, "\ - 
d.move_completed=$d.leech_path=, $d.seed_path=\ - " - - log.open_file = "log", (cat, (cfg.log), "/", "default.log") - log.add_output = "info", "log" - log.execute = (cat, (cfg.log), "/", "execute.log") - ''; - in { - Restart = "on-failure"; - RestartSec = 3; - - KillMode = "process"; - KillSignal = "SIGHUP"; - User = user; - Group = group; + RuntimeDirectory = "rtorrent"; + RuntimeDirectoryMode = 750; + UMask = 27; + AmbientCapabilities = [ "" ]; + CapabilityBoundingSet = [ "" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProcSubset = "pid"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@resources" + "~@privileged" + ]; + }; + wantedBy = [ "multi-user.target" ]; + }; - ExecStartPre = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/mkdir -p" - leechDir - seedDir - sessionDir - logDir - ]; - ExecStart = concatStringsSep " " [ - (getExe pkgs.rtorrent) - "-n" - "-o system.daemon.set=true" - "-o network.bind_address.set=0.0.0.0" - "-o import=${configFile}" - ]; - ExecStop = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/rm -rf" - rpcSocket - ]; + tmpfiles.rules = [ "d '${baseDir}' 0750 ${user} ${group} -" ]; + }; - RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 0750; - UMask = 0027; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups 
= true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProcSubset = "pid"; - RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@resources" "~@privileged"]; + users = { + users.${user} = { + inherit group; + shell = pkgs.bashInteractive; + home = baseDir; + description = "rTorrent"; + isSystemUser = true; }; - wantedBy = ["multi-user.target"]; + groups.${group} = { }; }; - - tmpfiles.rules = ["d '${baseDir}' 0750 ${user} ${group} -"]; - }; - - users = { - users.${user} = { - inherit group; - shell = pkgs.bashInteractive; - home = baseDir; - description = "rTorrent"; - isSystemUser = true; + my.extraGroups = [ group ]; + + networking.firewall.allowedTCPPorts = [ port ]; + + boot.kernel.sysctl = { + "net.core.rmem_max" = mkOverride 500 (pow 2 24); + "net.core.wmem_max" = mkOverride 500 (pow 2 24); + "net.ipv4.tcp_fin_timeout" = mkOverride 500 30; + "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24); + "net.ipv4.tcp_slow_start_after_idle" = 0; + "net.ipv4.tcp_tw_recycle" = mkOverride 500 1; + "net.ipv4.tcp_tw_reuse" = mkOverride 500 1; + "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24); }; - groups.${group} = {}; - }; - my.extraGroups = [group]; - - networking.firewall.allowedTCPPorts = [port]; - - boot.kernel.sysctl = { - "net.core.rmem_max" = mkOverride 500 (pow 2 24); - "net.core.wmem_max" = mkOverride 500 (pow 2 24); - "net.ipv4.tcp_fin_timeout" = mkOverride 500 30; - "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24); - "net.ipv4.tcp_slow_start_after_idle" = 0; - "net.ipv4.tcp_tw_recycle" = mkOverride 500 1; - "net.ipv4.tcp_tw_reuse" = mkOverride 500 1; - "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24); - }; - }) - (let - port = 50001; - pkg = 
pkgs.nodePackages.flood; - in + } + ) + ( + let + port = 50001; + pkg = pkgs.nodePackages.flood; + in mkIf cfg.flood.enable { nixfiles.modules.nginx = { enable = true; - upstreams.flood.servers."127.0.0.1:${toString port}" = {}; + upstreams.flood.servers."127.0.0.1:${toString port}" = { }; virtualHosts.${cfg.flood.domain} = { root = "${pkg}/lib/node_modules/flood/dist/assets"; locations = { @@ -233,8 +258,11 @@ in { systemd.services.flood = { description = "Flood"; - after = ["network.target" "rtorrent.service"]; - path = with pkgs; [mediainfo]; + after = [ + "network.target" + "rtorrent.service" + ]; + path = with pkgs; [ mediainfo ]; serviceConfig = { Restart = "on-failure"; RestartSec = 3; @@ -255,10 +283,10 @@ in { ]; RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 0750; - UMask = 0027; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; + RuntimeDirectoryMode = 750; + UMask = 27; + AmbientCapabilities = [ "" ]; + CapabilityBoundingSet = [ "" ]; LockPersonality = true; NoNewPrivileges = true; PrivateDevices = true; @@ -274,7 +302,11 @@ in { ProcSubset = "pid"; ProtectProc = "invisible"; RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; @@ -288,8 +320,9 @@ in { "~@resources" ]; }; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; }; - }) + } + ) ]); } diff --git a/modules/nixos/searx.nix b/modules/nixos/searx.nix index 5c37f58..de51a20 100644 --- a/modules/nixos/searx.nix +++ b/modules/nixos/searx.nix @@ -5,9 +5,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.searx; -in { +in +{ options.nixfiles.modules.searx = { enable = mkEnableOption "SearX"; 
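Review bot: `RuntimeDirectoryMode = 750;` and `UMask = 27;` in the flood service now read as decimal numbers, although systemd interprets both settings as octal. Nix has no octal literals, so the old `0750`/`0027` were already the integers 750 and 27 and the rendered unit should be unchanged, but the bare form hides that these are permission bits. Writing them as strings, `RuntimeDirectoryMode = "0750";` and `UMask = "0027";`, keeps the intent visible and matches `UMask = "0077";` in soju.nix. The rtorrent service earlier in this file has the same two lines. The flood `serviceConfig` block starts and ends outside this hunk.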
@@ -33,7 +35,7 @@ in { nixfiles.modules.nginx = { enable = true; - upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://searx"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix index 69688da..670faec 100644 --- a/modules/nixos/shadowsocks.nix +++ b/modules/nixos/shadowsocks.nix @@ -5,9 +5,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.shadowsocks; -in { +in +{ options.nixfiles.modules.shadowsocks = { enable = mkEnableOption "Shadowsocks"; 
@@ -31,61 +33,65 @@ in { systemd.services.shadowsocks = { description = "Shadowsocks"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { DynamicUser = true; RuntimeDirectory = "shadowsocks"; LoadCredential = "secret.json:${config.secrets.shadowsocks-json.path}"; - ExecStartPre = let - mergeJson = let - configFile = pkgs.writeText "config.json" (generators.toJSON {} { - server = "::"; - server_port = cfg.port; - # Can't really use AEAD-2022[1] just yet because it's not - # supported by some[2] clients. - # - # [1]: https://shadowsocks.org/doc/sip022.html - # [2]: https://github.com/shadowsocks/ShadowsocksX-NG/issues/1480 - # [2]: https://github.com/shadowsocks/shadowsocks-windows/issues/3448 - # method = "2022-blake3-chacha20-poly1305"; - method = "chacha20-ietf-poly1305"; - password = null; # Must be set as a secret. - users = null; # Muse be set as a secret. - fast_open = true; - acl = pkgs.writeText "block-internal-access.acl" '' - [outbound_block_list] - 0.0.0.0/8 - 10.0.0.0/8 - 100.64.0.0/10 - 127.0.0.0/8 - 169.254.0.0/16 - 172.16.0.0/12 - 192.0.0.0/24 - 192.0.2.0/24 - 192.88.99.0/24 - 192.168.0.0/16 - 198.18.0.0/15 - 198.51.100.0/24 - 203.0.113.0/24 - 224.0.0.0/4 - 240.0.0.0/4 - 255.255.255.255/32 - ::1/128 - ::ffff:127.0.0.1/104 - fc00::/7 - fe80::/10 + ExecStartPre = + let + mergeJson = + let + configFile = pkgs.writeText "config.json" ( + generators.toJSON { } { + server = "::"; + server_port = cfg.port; + # Can't really use AEAD-2022[1] just yet because it's not + # supported by some[2] clients. + # + # [1]: https://shadowsocks.org/doc/sip022.html + # [2]: https://github.com/shadowsocks/ShadowsocksX-NG/issues/1480 + # [2]: https://github.com/shadowsocks/shadowsocks-windows/issues/3448 + # method = "2022-blake3-chacha20-poly1305"; + method = "chacha20-ietf-poly1305"; + password = null; # Must be set as a secret. + users = null; # Muse be set as a secret. 
+ fast_open = true; + acl = pkgs.writeText "block-internal-access.acl" '' + [outbound_block_list] + 0.0.0.0/8 + 10.0.0.0/8 + 100.64.0.0/10 + 127.0.0.0/8 + 169.254.0.0/16 + 172.16.0.0/12 + 192.0.0.0/24 + 192.0.2.0/24 + 192.88.99.0/24 + 192.168.0.0/16 + 198.18.0.0/15 + 198.51.100.0/24 + 203.0.113.0/24 + 224.0.0.0/4 + 240.0.0.0/4 + 255.255.255.255/32 + ::1/128 + ::ffff:127.0.0.1/104 + fc00::/7 + fe80::/10 + ''; + } + ); + in + pkgs.writeShellScript "meregeJson" '' + ${getExe pkgs.jq} \ + -s '.[0] * .[1]' \ + ${configFile} \ + $CREDENTIALS_DIRECTORY/secret.json \ + >$RUNTIME_DIRECTORY/config.json ''; - }); in - pkgs.writeShellScript "meregeJson" '' - ${getExe pkgs.jq} \ - -s '.[0] * .[1]' \ - ${configFile} \ - $CREDENTIALS_DIRECTORY/secret.json \ - >$RUNTIME_DIRECTORY/config.json - ''; - in mergeJson; ExecStart = "${pkgs.shadowsocks-rust}/bin/ssserver --config \${RUNTIME_DIRECTORY}/config.json"; }; @@ -100,7 +106,7 @@ in { ''; }; - networking.firewall.allowedTCPPorts = [cfg.port]; + networking.firewall.allowedTCPPorts = [ cfg.port ]; # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks boot.kernel.sysctl = { diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix index 71dff86..f8212b5 100644 --- a/modules/nixos/soju.nix +++ b/modules/nixos/soju.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.soju; -in { +in +{ options.nixfiles.modules.soju = { enable = mkEnableOption "soju"; @@ -30,7 +32,9 @@ in { }; prometheus = { - enable = mkEnableOption "Prometheus exporter" // {default = true;}; + enable = mkEnableOption "Prometheus exporter" // { + default = true; + }; port = mkOption { description = "Port."; @@ -40,9 +44,10 @@ in { }; }; - config = let - db = "soju"; - in + config = + let + db = "soju"; + in mkIf cfg.enable { nixfiles.modules = { acme.enable = true; @@ -58,7 +63,7 @@ in { }; services.postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; 
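Review bot: The merge script in `ExecStartPre` writes the credential-bearing `config.json` into `$RUNTIME_DIRECTORY`, but this `serviceConfig` sets neither `UMask` nor `RuntimeDirectoryMode`. With the systemd defaults (directory 0755, umask 0022) the merged file, password included, is likely readable by other local users while the service runs. Adding `RuntimeDirectoryMode = "0700";` and `UMask = "0077";` next to `RuntimeDirectory = "shadowsocks";` closes that. The script also expands `$CREDENTIALS_DIRECTORY` and `$RUNTIME_DIRECTORY` unquoted, which is cheap to fix in the same place.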
@@ -69,41 +74,41 @@ in { systemd.services.soju = { description = "soju IRC bouncer"; - wantedBy = ["multi-user.target"]; - wants = ["network-online.target"]; - requires = ["postgresql.service"]; - after = ["network-online.target" "postgresql.service"]; + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + requires = [ "postgresql.service" ]; + after = [ + "network-online.target" + "postgresql.service" + ]; serviceConfig = { - ExecStart = let - # https://soju.im/doc/soju.1.html - configFile = pkgs.writeText "soju.conf" '' - listen ircs://${cfg.address}:${toString cfg.port} - tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} - ${ - with cfg.prometheus; - optionalString enable - "listen http+prometheus://localhost:${toString port}" - } - db postgres ${ - concatStringsSep " " [ - "host=/run/postgresql" - "user=${db}" - "dbname=${db}" - "sslmode=disable" - ] - } - hostname ${cfg.domain} - title ${cfg.domain} - ''; - in + ExecStart = + let + # https://soju.im/doc/soju.1.html + configFile = pkgs.writeText "soju.conf" '' + listen ircs://${cfg.address}:${toString cfg.port} + tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} + ${with cfg.prometheus; optionalString enable "listen http+prometheus://localhost:${toString port}"} + db postgres ${ + concatStringsSep " " [ + "host=/run/postgresql" + "user=${db}" + "dbname=${db}" + "sslmode=disable" + ] + } + hostname ${cfg.domain} + title ${cfg.domain} + ''; + in concatStringsSep " " [ (getExe' pkgs.soju "soju") "-config ${configFile}" ]; DynamicUser = true; - SupplementaryGroups = [config.services.nginx.group]; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; + SupplementaryGroups = [ config.services.nginx.group ]; + AmbientCapabilities = [ "" ]; + CapabilityBoundingSet = [ "" ]; UMask = "0077"; LockPersonality = true; MemoryDenyWriteExecute = true; 
@@ -122,12 +127,19 @@ in { ProtectProc = "invisible"; ProcSubset = "pid"; RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@privileged"]; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; }; }; }; diff --git a/modules/nixos/solaar.nix b/modules/nixos/solaar.nix index ccfff4a..17a04de 100644 --- a/modules/nixos/solaar.nix +++ b/modules/nixos/solaar.nix 
@@ -4,49 +4,59 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.solaar; -in { +in +{ options.nixfiles.modules.solaar = { enable = mkEnableOption "Solaar"; }; config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [solaar]; + home.packages = with pkgs; [ solaar ]; systemd.user.services.solaar = { Unit = { Description = "Device manager for Logitech devices"; - After = ["graphical-session-pre.target"]; - PartOf = ["graphical-session.target"]; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; }; Service = { # The dirtiest hack I've ever implemented... I should be ashamed of # it. Regardless, that shit still doesn't work because each reconnect, # /dev/hidraw* is recreated and has default permissions which breaks # Solaar. Fuck this shit. - ExecStartPre = getExe (pkgs.writeShellApplication { - name = "solaar-pre"; - text = '' - for i in /dev/hidraw*; do - if [ -c "$i" ]; then - sudo chown root:input "$i" - sudo chmod 0660 "$i" - fi - done - ''; - }); + ExecStartPre = getExe ( + pkgs.writeShellApplication { + name = "solaar-pre"; + text = '' + for i in /dev/hidraw*; do + if [ -c "$i" ]; then + sudo chown root:input "$i" + sudo chmod 0660 "$i" + fi + done + ''; + } + ); ExecStart = "${getExe pkgs.solaar "solaar"} --window=hide"; }; - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; }; }; - boot.kernelModules = ["hid_logitech_dj" "hid_logitech_hidpp"]; + boot.kernelModules = [ + "hid_logitech_dj" + "hid_logitech_hidpp" + ]; hardware.uinput.enable = true; - my.extraGroups = ["uinput" "input"]; + my.extraGroups = [ + "uinput" + "input" + ]; }; } diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix index 5cd8931..b11dda0 100644 --- a/modules/nixos/sonarr.nix +++ b/modules/nixos/sonarr.nix 
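Review bot: The `solaar-pre` script hands every `/dev/hidraw*` node to group `input` with mode 0660 through `sudo`, which widens raw HID access beyond the Logitech receiver to any device exposed on hidraw. As the comment above it says, the change is also lost on each reconnect. A udev rule matched on the receiver, set through `services.udev.extraRules`, would apply the permission persistently to that device only and remove the need for `sudo` in a user unit. Separately, `getExe pkgs.solaar "solaar"` in `ExecStart` passes two arguments to a one-argument function; it looks like `getExe' pkgs.solaar "solaar"` was intended, as in soju.nix.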
@@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.sonarr; -in { +in +{ options.nixfiles.modules.sonarr = { enable = mkEnableOption "Sonarr"; @@ -18,11 +20,11 @@ in { }; config = mkIf cfg.enable { - ark.directories = ["/var/lib/sonarr"]; + ark.directories = [ "/var/lib/sonarr" ]; nixfiles.modules.nginx = { enable = true; - upstreams.sonarr.servers."127.0.0.1:8989" = {}; + upstreams.sonarr.servers."127.0.0.1:8989" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://sonarr"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/sound.nix b/modules/nixos/sound.nix index 073d59c..ff90dfc 100644 --- a/modules/nixos/sound.nix +++ b/modules/nixos/sound.nix @@ -1,13 +1,10 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.sound; -in { - options.nixfiles.modules.sound.enable = - mkEnableOption "sound support"; +in +{ + options.nixfiles.modules.sound.enable = mkEnableOption "sound support"; config = mkIf cfg.enable { services.pipewire = { diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix index ecc983f..74d4afe 100644 --- a/modules/nixos/syncthing.nix +++ b/modules/nixos/syncthing.nix @@ -6,9 +6,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.syncthing; -in { +in +{ options.nixfiles.modules.syncthing = { enable = mkEnableOption "Syncthing"; @@ -74,7 +76,8 @@ in { insecureSkipHostcheck = this.isHeadless; }; - devices = mapAttrs (name: attr: + devices = mapAttrs ( + name: attr: mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { inherit (attr.syncthing) id; compression = "metadata"; 
@@ -82,30 +85,33 @@ in { address = "tcp://${name}.${config.networking.domain}:22000"; autoAcceptFolders = true; untrusted = false; - }) - my.configurations; - - folders = let - filterDevices = f: - attrNames (filterAttrs (_: attr: - (attr.hostname != this.hostname) - && (attr.syncthing.id != null) - && f attr) - my.configurations); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanoutDays = "7"; - }; - in - with config.hm.xdg.userDirs; { + } + ) my.configurations; + + folders = + let + filterDevices = + f: + attrNames ( + filterAttrs ( + _: attr: (attr.hostname != this.hostname) && (attr.syncthing.id != null) && f attr + ) my.configurations + ); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; + }; + trashcan = { + type = "trashcan"; + params.cleanoutDays = "7"; + }; + in + with config.hm.xdg.userDirs; + { share = { path = publicShare; devices = notHeadless; @@ -145,7 +151,7 @@ in { (mkIf this.isHeadless { nixfiles.modules.nginx = { enable = true; - upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://syncthing"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/throttled.nix b/modules/nixos/throttled.nix index eca803b..7d37cd4 100644 --- a/modules/nixos/throttled.nix +++ b/modules/nixos/throttled.nix 
@@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.throttled; -in { +in +{ options.nixfiles.modules.throttled.enable = mkEnableOption "Throttled"; config = mkIf cfg.enable { diff --git a/modules/nixos/thunderbird.nix b/modules/nixos/thunderbird.nix index 29ea9c9..74af3b5 100644 --- a/modules/nixos/thunderbird.nix +++ b/modules/nixos/thunderbird.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.thunderbird; -in { +in +{ options.nixfiles.modules.thunderbird.enable = mkEnableOption "Thunderbird"; config = mkIf cfg.enable { @@ -20,7 +18,8 @@ in { isDefault = true; withExternalGnupg = true; # https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/user.js - settings = with config.colors.withHashtag; + settings = + with config.colors.withHashtag; config.hm.programs.firefox.profiles.default.settings // { "app.donation.eoy.version.viewed" = 999; diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 5aaf104..e71d48c 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.unbound; -in { +in +{ options.nixfiles.modules.unbound = { enable = mkEnableOption "Unbound"; @@ -18,11 +20,12 @@ in { }; }; - config = let - adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; - in + config = + let + adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; + in mkIf cfg.enable { - ark.directories = [config.services.unbound.stateDir]; + ark.directories = [ config.services.unbound.stateDir ]; nixfiles.modules.redis.enable = true; 
@@ -45,40 +48,51 @@ in { ipv6.address ]; - local-zone = - concatLists - (mapAttrsToList (h: _: ["\"${h}.${cfg.domain}\" redirect"]) - my.configurations); - local-data = concatLists (mapAttrsToList (hostname: let - domain = "${hostname}.${cfg.domain}"; - in - attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; - [ - "\"${domain} 604800 IN A ${ipv4.address}\"" - "\"${domain} 604800 IN AAAA ${ipv6.address}\"" - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ] - ++ concatMap (domain: [ - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ]) - attr.domains))) - my.configurations); - local-data-ptr = concatLists (mapAttrsToList (hostname: let - domain = "${hostname}.${cfg.domain}"; - in - attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; - [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ] - ++ concatMap (domain: [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ]) - attr.domains))) - my.configurations); + local-zone = concatLists ( + mapAttrsToList (h: _: [ "\"${h}.${cfg.domain}\" redirect" ]) my.configurations + ); + local-data = concatLists ( + mapAttrsToList ( + hostname: + let + domain = "${hostname}.${cfg.domain}"; + in + attr: + (optionals (hasAttr "wireguard" attr) ( + with attr.wireguard; + [ + "\"${domain} 604800 IN A ${ipv4.address}\"" + "\"${domain} 604800 IN AAAA ${ipv6.address}\"" + "\"${domain}. A ${ipv4.address}\"" + "\"${domain}. AAAA ${ipv6.address}\"" + ] + ++ concatMap (domain: [ + "\"${domain}. A ${ipv4.address}\"" + "\"${domain}. 
AAAA ${ipv6.address}\"" + ]) attr.domains + )) + ) my.configurations + ); + local-data-ptr = concatLists ( + mapAttrsToList ( + hostname: + let + domain = "${hostname}.${cfg.domain}"; + in + attr: + (optionals (hasAttr "wireguard" attr) ( + with attr.wireguard; + [ + "\"${ipv4.address} ${domain}\"" + "\"${ipv6.address} ${domain}\"" + ] + ++ concatMap (domain: [ + "\"${ipv4.address} ${domain}\"" + "\"${ipv6.address} ${domain}\"" + ]) attr.domains + )) + ) my.configurations + ); private-domain = map (domain: "${domain}.") [ cfg.domain @@ -124,9 +138,19 @@ in { { name = "."; forward-tls-upstream = true; - forward-addr = let - mkDnsOverTls = ips: auth: map (ip: concatStrings [ip "@" auth]) ips; - in + forward-addr = + let + mkDnsOverTls = + ips: auth: + map ( + ip: + concatStrings [ + ip + "@" + auth + ] + ) ips; + in mkDnsOverTls dns.const.quad9.default "853#dns.quad9.net"; } ]; 
@@ -154,40 +178,45 @@ in { systemd = { services = { - unbound.after = ["unbound-adblock-update.service"]; + unbound.after = [ "unbound-adblock-update.service" ]; unbound-adblock-update = { serviceConfig = with config.services.unbound; { Type = "oneshot"; User = user; Group = group; - ExecStart = getExe (pkgs.writeShellApplication { - name = "unbound-adblock-update"; - runtimeInputs = [pkgs.curl package]; - text = '' - curl \ - -s \ - -o ${adblock-conf} \ - "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf" - - if [[ -f "${localControlSocketPath}" ]]; then - unbound-control reload - fi - ''; - }); + ExecStart = getExe ( + pkgs.writeShellApplication { + name = "unbound-adblock-update"; + runtimeInputs = [ + pkgs.curl + package + ]; + text = '' + curl \ + -s \ + -o ${adblock-conf} \ + "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf" + + if [[ -f "${localControlSocketPath}" ]]; then + unbound-control reload + fi + ''; + } + ); }; }; }; timers.unbound-adblock-update = { - requires = ["network-online.target"]; - after = ["network-online.target"]; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; timerConfig = { OnCalendar = "daily"; Persistent = true; Unit = "unbound-adblock-update.service"; }; - wantedBy = ["timers.target"]; + wantedBy = [ "timers.target" ]; }; }; diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix index 53a3f81..2cacb6c 100644 --- a/modules/nixos/vaultwarden.nix +++ b/modules/nixos/vaultwarden.nix @@ -4,9 +4,11 @@ lib, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.vaultwarden; -in { +in +{ options.nixfiles.modules.vaultwarden = { enable = mkEnableOption "Vaultwarden"; 
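Review bot: The update script's `curl -s -o ${adblock-conf}` writes straight over the live blocklist without `--fail`, so an HTTP error page or a truncated transfer replaces the file Unbound loads on its next start or reload. Downloading to a temporary file with `--fail` and moving it into place only on success avoids that. The list is still fetched unpinned from a branch, so its content is trusted as-is. The reload guard tests the control socket with `-f`, which is false for a socket, so `-S` looks like what was meant. The `systemd.services` attribute set continues outside the hunk.

```nix
text = ''
  # Download to a temporary file so a failed or partial transfer never
  # replaces the list Unbound currently loads.
  tmp="$(mktemp "${adblock-conf}.XXXXXX")"
  trap 'rm -f "$tmp"' EXIT

  curl \
    --fail \
    --silent \
    --show-error \
    -o "$tmp" \
    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"

  mv "$tmp" ${adblock-conf}

  # The control endpoint is a Unix socket, so test with -S rather than -f.
  if [[ -S "${localControlSocketPath}" ]]; then
    unbound-control reload
  fi
'';
```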
@@ -17,11 +19,12 @@ in { }; }; - config = let - db = "vaultwarden"; - in + config = + let + db = "vaultwarden"; + in mkIf cfg.enable { - ark.directories = ["/var/lib/bitwarden_rs"]; + ark.directories = [ "/var/lib/bitwarden_rs" ]; secrets.vaultwarden-environment = { file = "${inputs.self}/secrets/vaultwarden-environment"; @@ -33,8 +36,8 @@ in { nginx = { enable = true; upstreams = with config.services.vaultwarden.config; { - vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {}; - vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {}; + vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = { }; + vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = { }; }; virtualHosts.${cfg.domain}.locations = { "/" = { @@ -95,7 +98,7 @@ in { }; postgresql = { - ensureDatabases = [db]; + ensureDatabases = [ db ]; ensureUsers = [ { name = db; @@ -123,14 +126,14 @@ in { }; environment.etc = { - "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI {} { + "fail2ban/filter.d/vaultwarden.conf".text = generators.toINI { } { Definition = { failregex = "^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"; ignoreregex = ""; journalmatch = "_SYSTEMD_UNIT=vaultwarden.service"; }; }; - "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI {} { + "fail2ban/filter.d/vaultwarden-admin.conf".text = generators.toINI { } { Definition = { failregex = "^.*Invalid admin token\. IP: <ADDR>.*$"; ignoreregex = ""; diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix index 6b037b9..88dff1b 100644 --- a/modules/nixos/victoriametrics.nix +++ b/modules/nixos/victoriametrics.nix @@ -4,9 +4,11 @@ libNginx, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.prometheus; -in { +in +{ options.nixfiles.modules.prometheus = { enable = mkEnableOption "VictoriaMetrics"; 
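Review bot: Both `failregex` values in the fail2ban filter hunk are Nix double-quoted strings, where `\.` is not a recognised escape and evaluates to a plain `.`. The generated filters therefore match any character where a literal dot was intended. Doubling the backslash, e.g. `failregex = "^.*Invalid admin token\\. IP: <ADDR>.*$";`, or using an indented `''…''` string keeps the escapes in the rendered file. The filters should still match the intended log lines, only more loosely than written.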
@@ -26,7 +28,7 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; - upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = {}; + upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = { }; virtualHosts.${domain} = { locations."/".proxyPass = "http://victoriametrics"; extraConfig = libNginx.config.internalOnly; diff --git a/modules/nixos/vim/default.nix b/modules/nixos/vim/default.nix index 2fdf064..5d62e35 100644 --- a/modules/nixos/vim/default.nix +++ b/modules/nixos/vim/default.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.vim; -in { +in +{ config = mkIf cfg.enable { programs.vim.package = (pkgs.vim-full.override { @@ -23,13 +25,13 @@ in { rubySupport = false; tclSupport = false; ximSupport = false; - }) - .customize { - name = "vim"; - vimrcConfig = with cfg; { - customRC = rc; - packages.myVimPackage.start = plugins; + }).customize + { + name = "vim"; + vimrcConfig = with cfg; { + customRC = rc; + packages.myVimPackage.start = plugins; + }; }; - }; }; } diff --git a/modules/nixos/wayland.nix b/modules/nixos/wayland.nix index b64ab32..e3dba79 100644 --- a/modules/nixos/wayland.nix +++ b/modules/nixos/wayland.nix @@ -4,12 +4,16 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.wayland; -in { +in +{ options.nixfiles.modules.wayland.enable = mkEnableOption "Wayland"; config = mkIf cfg.enable { - hm.home.packages = with pkgs; [wl-clipboard]; + nixfiles.modules.foot.enable = true; + + hm.home.packages = with pkgs; [ wl-clipboard ]; }; } diff --git a/modules/nixos/wireguard.nix b/modules/nixos/wireguard.nix index d05c6ae..f645a90 100644 --- a/modules/nixos/wireguard.nix +++ b/modules/nixos/wireguard.nix @@ -6,9 +6,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.wireguard; -in { +in +{ options.nixfiles.modules.wireguard = { client = { enable = mkEnableOption "WireGuard client"; 
@@ -56,16 +58,20 @@ in { peers = mkOption { description = "List of peers."; type = with types; listOf attrs; - default = mapAttrsToList (_: attr: - with attr; { - inherit (wireguard) publicKey; - allowedIPs = with wireguard; [ - "${ipv4.address}/32" - "${ipv6.address}/128" - ]; - }) (filterAttrs (_: attr: - attr.hostname != this.hostname && hasAttr "wireguard" attr) - my.configurations); + default = + mapAttrsToList + ( + _: attr: with attr; { + inherit (wireguard) publicKey; + allowedIPs = with wireguard; [ + "${ipv4.address}/32" + "${ipv6.address}/128" + ]; + } + ) + ( + filterAttrs (_: attr: attr.hostname != this.hostname && hasAttr "wireguard" attr) my.configurations + ); }; }; @@ -105,13 +111,16 @@ in { (mkIf (cfg.client.enable || cfg.server.enable) { secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; - networking.firewall.trustedInterfaces = [cfg.interface]; + networking.firewall.trustedInterfaces = [ cfg.interface ]; }) (mkIf cfg.client.enable { networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ (with this.wireguard; { privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - address = ["${ipv4.address}/16" "${ipv6.address}/16"]; + address = [ + "${ipv4.address}/16" + "${ipv6.address}/16" + ]; }) (with cfg.server; { peers = [ @@ -119,15 +128,16 @@ in { inherit publicKey; endpoint = "${address}:${toString port}"; allowedIPs = - if cfg.client.enableTrafficRouting - then [ - "0.0.0.0/0" - "::/0" - ] - else [ - cfg.ipv4.subnet - cfg.ipv6.subnet - ]; + if cfg.client.enableTrafficRouting then + [ + "0.0.0.0/0" + "::/0" + ] + else + [ + cfg.ipv4.subnet + cfg.ipv6.subnet + ]; persistentKeepalive = 25; } ]; @@ -141,7 +151,11 @@ in { environment.systemPackages = with pkgs; [ (writeShellApplication { name = "wg-toggle"; - runtimeInputs = [iproute2 jq wireguard-tools]; + runtimeInputs = [ + iproute2 + jq + wireguard-tools + ]; text = '' ip46() { sudo ip -4 "$@" 
@@ -166,7 +180,10 @@ in { enable = true; interfaces.${cfg.interface} = with cfg.server; { privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - ips = ["${ipv4.address}/16" "${ipv6.address}/16"]; + ips = [ + "${ipv4.address}/16" + "${ipv6.address}/16" + ]; listenPort = port; inherit peers; allowedIPsAsRoutes = false; @@ -179,12 +196,12 @@ in { externalInterface = mkDefault "eth0"; - internalInterfaces = [cfg.interface]; - internalIPs = [cfg.ipv4.subnet]; - internalIPv6s = [cfg.ipv6.subnet]; + internalInterfaces = [ cfg.interface ]; + internalIPs = [ cfg.ipv4.subnet ]; + internalIPv6s = [ cfg.ipv6.subnet ]; }; - firewall.allowedUDPPorts = [cfg.server.port]; + firewall.allowedUDPPorts = [ cfg.server.port ]; }; services.prometheus.exporters.wireguard = { diff --git a/modules/nixos/x11.nix b/modules/nixos/x11.nix index 52420db..55ba0b5 100644 --- a/modules/nixos/x11.nix +++ b/modules/nixos/x11.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.x11; -in { +in +{ options.nixfiles.modules.x11.enable = mkEnableOption "X11"; config = mkIf cfg.enable { @@ -19,7 +21,7 @@ in { XCOMPOSECACHE = "${config.dirs.cache}/libx11/compose"; }; - packages = with pkgs; [xclip]; + packages = with pkgs; [ xclip ]; }; xresources.properties = { 
@@ -34,21 +36,23 @@ in { services.xsettingsd = { enable = true; # https://codeberg.org/derat/xsettingsd#settings - settings = let - xprop = config.hm.xresources.properties; - in { - "Net/CursorBlink" = 1; - "Net/CursorBlinkTime" = 1200; - "Net/DndDragThreshold" = 0; - "Net/DoubleClickDistance" = 5; - "Net/DoubleClickTime" = 250; - "Net/EnableEventSounds" = 1; - "Net/EnableInputFeedbackSounds" = 1; - "Xft/Antialias" = xprop."Xft.antialias"; - "Xft/HintStyle" = xprop."Xft.hintstyle"; - "Xft/Hinting" = xprop."Xft.hinting"; - "Xft/RGBA" = xprop."Xft.rgba"; - }; + settings = + let + xprop = config.hm.xresources.properties; + in + { + "Net/CursorBlink" = 1; + "Net/CursorBlinkTime" = 1200; + "Net/DndDragThreshold" = 0; + "Net/DoubleClickDistance" = 5; + "Net/DoubleClickTime" = 250; + "Net/EnableEventSounds" = 1; + "Net/EnableInputFeedbackSounds" = 1; + "Xft/Antialias" = xprop."Xft.antialias"; + "Xft/HintStyle" = xprop."Xft.hintstyle"; + "Xft/Hinting" = xprop."Xft.hinting"; + "Xft/RGBA" = xprop."Xft.rgba"; + }; }; }; diff --git a/modules/nixos/xmonad.nix b/modules/nixos/xmonad.nix index b4eb4a0..7b49f52 100644 --- a/modules/nixos/xmonad.nix +++ b/modules/nixos/xmonad.nix @@ -4,9 +4,11 @@ pkgs, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.xmonad; -in { +in +{ options.nixfiles.modules.xmonad.enable = mkEnableOption "XMonad"; config = mkIf cfg.enable { @@ -24,6 +26,6 @@ in { services.xserver.displayManager.startx.enable = true; - nixpkgs.overlays = [inputs.xmonad-ng.overlays.default]; + nixpkgs.overlays = [ inputs.xmonad-ng.overlays.default ]; }; } diff --git a/modules/nixos/zathura.nix b/modules/nixos/zathura.nix index e7d1415..95039a5 100644 --- a/modules/nixos/zathura.nix +++ b/modules/nixos/zathura.nix 
@@ -1,11 +1,9 @@ -{ - config, - lib, - ... -}: -with lib; let +{ config, lib, ... }: +with lib; +let cfg = config.nixfiles.modules.zathura; -in { +in +{ config = mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications."org.pwmt.zathura" = [ "application/pdf" |