author | azahi <azat@bahawi.net> | 2025-02-17 02:21:56 +0300 |
---|---|---|
committer | azahi <azat@bahawi.net> | 2025-02-17 02:21:56 +0300 |
commit | 59180328cda59817d71cd58c8f48ead047375064 (patch) | |
tree | 2cdd7d1bfa309839ef624c19daf283f510aacf69 /modules | |
parent | 2025-02-05 (diff) |
2025-02-17
Diffstat (limited to 'modules')
106 files changed, 1307 insertions, 2048 deletions
diff --git a/modules/acme.nix b/modules/acme.nix index bbaf434..e675d1d 100644 --- a/modules/acme.nix +++ b/modules/acme.nix @@ -1,11 +1,10 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.acme; in { imports = [ - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "certs" ] [ "security" @@ -16,16 +15,16 @@ in ]; options.nixfiles.modules.acme = { - enable = mkEnableOption "ACME"; + enable = lib.mkEnableOption "ACME"; - email = mkOption { + email = lib.mkOption { description = "Email for notifications."; - type = with types; str; - default = "hostmaster@${my.domain.shire}"; + type = lib.types.str; + default = "hostmaster@${lib.my.domain.shire}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/acme" ]; security.acme = { diff --git a/modules/alacritty.nix b/modules/alacritty.nix index 704ce79..1ba11ac 100644 --- a/modules/alacritty.nix +++ b/modules/alacritty.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.alacritty; in { - options.nixfiles.modules.alacritty.enable = mkEnableOption "Alacritty terminal emulator"; + options.nixfiles.modules.alacritty.enable = lib.mkEnableOption "Alacritty terminal emulator"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.alacritty = { enable = true; settings = { diff --git a/modules/alertmanager.nix b/modules/alertmanager.nix index e5366e5..94c21b0 100644 --- a/modules/alertmanager.nix +++ b/modules/alertmanager.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.alertmanager; in 
@@ -14,22 +13,22 @@ in imports = [ inputs.alertmanager-ntfy.nixosModules.default ]; options.nixfiles.modules.alertmanager = { - enable = mkEnableOption "Alertmanager"; + enable = lib.mkEnableOption "Alertmanager"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30112; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "alertmanager.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { ntfy.enable = true; nginx = { @@ -56,18 +55,18 @@ in configuration = { global = { - smtp_from = "alertmanager@${my.domain.shire}"; - smtp_smarthost = "${my.domain.shire}:584"; + smtp_from = "alertmanager@${lib.my.domain.shire}"; + smtp_smarthost = "${lib.my.domain.shire}:584"; }; route = { - receiver = my.username; + receiver = lib.my.username; group_by = [ "alertname" ]; }; receivers = [ { - name = my.username; + name = lib.my.username; webhook_configs = [ { url = with config.services.alertmanager-ntfy; "http://${httpAddress}:${httpPort}"; } ]; @@ -86,13 +85,11 @@ in envFile = "/dev/null"; }; - topology = with cfg; { - nodes.${this.hostname}.services.alertmanager = { - name = "Alertmanager"; - icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.alertmanager = { + name = "Alertmanager"; + icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString cfg.port}"; }; }; } diff --git a/modules/aria2.nix b/modules/aria2.nix index cdf1c4f..0c41732 100644 --- a/modules/aria2.nix +++ b/modules/aria2.nix 
@@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.aria2; in { - options.nixfiles.modules.aria2.enable = mkEnableOption "aria2"; + options.nixfiles.modules.aria2.enable = lib.mkEnableOption "aria2"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.aria2 = { enable = true; diff --git a/modules/bat.nix b/modules/bat.nix index a95d67d..a97064d 100644 --- a/modules/bat.nix +++ b/modules/bat.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.bat; in { - options.nixfiles.modules.bat.enable = mkEnableOption "bat, an alternative to cat"; + options.nixfiles.modules.bat.enable = lib.mkEnableOption "bat, an alternative to cat"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.shell.aliases = { baj = "bat --language=json --tabs 2"; bay = "bat --language=yaml --tabs 2"; diff --git a/modules/beets.nix b/modules/beets.nix index 3141e4d..092b384 100644 --- a/modules/beets.nix +++ b/modules/beets.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.beets; in { - options.nixfiles.modules.beets.enable = mkEnableOption "beets"; + options.nixfiles.modules.beets.enable = lib.mkEnableOption "beets"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = let beetsdir = "${config.dirs.data}/beets"; @@ -36,7 +35,7 @@ in settings = { library = "${beetsdir}/library.db"; directory = config.userDirs.music; - plugins = concatStringsSep " " [ + plugins = lib.concatStringsSep " " [ "badfiles" "edit" "fetchart" @@ -61,6 +60,23 @@ in quiet = false; bell = true; }; + musicbrainz = { + extra_tags = [ + "year" + "catalognum" + "country" + "media" + "label" + ]; + external_ids = { + bandcamp = true; + beatport = false; + deezer = false; + discogs = true; + spotify = false; + tidal = false; + }; + }; match = { preferred = { countries = [ @@ -77,8 +93,6 @@ in "CA" "AU" "NZ" - "US" - "XW" ]; original_year = true; }; 
diff --git a/modules/bluetooth.nix b/modules/bluetooth.nix index 117aff7..963e484 100644 --- a/modules/bluetooth.nix +++ b/modules/bluetooth.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.bluetooth; in { - options.nixfiles.modules.bluetooth.enable = mkEnableOption "Bluetooth support"; + options.nixfiles.modules.bluetooth.enable = lib.mkEnableOption "Bluetooth support"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/bluetooth" ]; hardware.bluetooth = { diff --git a/modules/chromium.nix b/modules/chromium.nix index bc34ecd..7e9e086 100644 --- a/modules/chromium.nix +++ b/modules/chromium.nix @@ -4,25 +4,23 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.chromium; in { - options.nixfiles.modules.chromium.enable = mkEnableOption "Chromium"; + options.nixfiles.modules.chromium.enable = lib.mkEnableOption "Chromium"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { - home.packages = with pkgs; [ profile-cleaner ]; + home.packages = [ pkgs.profile-cleaner ]; programs.chromium = { enable = true; - # package = pkgs.ungoogled-chromium; + package = pkgs.ungoogled-chromium; extensions = [ { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin - { id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask ]; }; }; diff --git a/modules/clickhouse.nix b/modules/clickhouse.nix index 6bb53bb..f08678d 100644 --- a/modules/clickhouse.nix +++ b/modules/clickhouse.nix @@ -5,19 +5,16 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.clickhouse; in { options.nixfiles.modules.clickhouse = { - enable = mkEnableOption "Clickhouse"; + enable = lib.mkEnableOption "Clickhouse"; }; - config = mkIf cfg.enable { - services.clickhouse = { - enable = true; - }; + config = lib.mkIf cfg.enable { + services.clickhouse.enable = true; topology = { nodes.${this.hostname}.services.clickhouse = { 
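Review bot: In the `programs.chromium` block of modules/chromium.nix, enabling `package = pkgs.ungoogled-chromium;` while still declaring uBlock Origin only as `{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; }` may leave the content blocker uninstalled. ungoogled-chromium ships without Chrome Web Store integration and, as far as I know, does not fetch externally declared extensions by id, so this should be verified on a fresh profile. If the blocker is part of the browser's hardening, supply it through the extension entry's `crxPath` and `version` from a pinned derivation instead. At minimum add a comment next to the list such as `# ungoogled-chromium has no Web Store: confirm declared extensions actually load`.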
diff --git a/modules/common/default.nix b/modules/common/default.nix index 38094e7..781e50f 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -1,4 +1,4 @@ { lib, ... }: { - imports = lib.attrValues (lib.modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; } diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix index 118fc0e..31a11f6 100644 --- a/modules/common/home-manager.nix +++ b/modules/common/home-manager.nix @@ -28,7 +28,7 @@ home-manager = { backupFileExtension = "bak"; useUserPackages = true; - useGlobalPkgs = true; + useGlobalPkgs = false; verbose = true; }; } diff --git a/modules/common/locale.nix b/modules/common/locale.nix index acd1ecd..82df387 100644 --- a/modules/common/locale.nix +++ b/modules/common/locale.nix @@ -4,7 +4,6 @@ pkgs, ... }: -with lib; { hm.home.language = { collate = "C"; @@ -16,7 +15,7 @@ with lib; }; i18n = { - defaultLocale = mkDefault "en_GB.UTF-8"; + defaultLocale = lib.mkDefault "en_GB.UTF-8"; supportedLocales = [ "C.UTF-8/UTF-8" "en_GB.UTF-8/UTF-8" @@ -47,7 +46,7 @@ with lib; services.xserver.xkb = { layout = "us,ru"; variant = ",phonetic"; - options = concatStringsSep "," [ + options = lib.concatStringsSep "," [ "caps:escape" "compose:menu" "grp:win_space_toggle" diff --git a/modules/common/nix.nix b/modules/common/nix.nix index 0ce2ae4..6cb3787 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.common.nix; in 
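Review bot: `imports = lib.modulesIn ./. |> lib.attrValues;` in modules/common/default.nix makes the module entry point unparseable for any evaluator that does not already have the experimental `pipe-operators` feature enabled. That feature appears to be switched on by modules/common/nix.nix, which is presumably loaded through this same import. A fresh host, CI runner or recovery shell therefore has to enable it out of band before the first evaluation. The secrets.nix, xdg.nix and emacs/default.nix hunks of this commit introduce the same operator. I would document the requirement here with `# Needs the experimental "pipe-operators" feature at evaluation time.`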
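Review bot: Flipping `useGlobalPkgs` to `false` in modules/common/home-manager.nix gives Home Manager its own nixpkgs instance, so the `nixpkgs.overlays` and `nixpkgs.config.allowUnfreePredicate` set in modules/common/nix.nix should no longer reach `pkgs` inside Home Manager modules. Any fix or pin delivered through `inputs.self.overlays.default` would then cover system packages only, and the unfree allow-list stops being the single policy point. The change carries no explanation, so I would state the reason, e.g. `useGlobalPkgs = false; # HM evaluates its own nixpkgs; system overlays/config do not apply`. Alternatively, mirror the overlay and predicate into Home Manager's own `nixpkgs` options. The enclosing attribute set starts outside the hunk.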
@@ -16,24 +15,24 @@ in mixins-trusted-nix-caches ]; - options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { + options.nixfiles.modules.common.nix.allowedUnfreePackages = lib.mkOption { description = "A list of allowed unfree packages."; - type = with types; listOf str; + type = with lib.types; listOf str; default = [ ]; }; config = { _module.args = { - pkgsLocal = packages.useNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! + pkgsLocal = lib.packages.useNixpkgs "${config.my.home}/src/nixpkgs"; # Impure! }; hm = { # Used primarily in conjunction with the "nixfiles" script. home.file.".nix-defexpr/default.nix".text = let - hostname = strings.escapeNixIdentifier this.hostname; + hostname = lib.strings.escapeNixIdentifier this.hostname; in - optionalString this.isHeadful '' + lib.optionalString this.isHeadful '' let self = builtins.getFlake "nixfiles"; configurations = self.nixosConfigurations; @@ -54,16 +53,16 @@ in nix = let - notSelfInputs = filterAttrs (n: _: n != "self") inputs; + notSelfInputs = lib.filterAttrs (n: _: n != "self") inputs; in { - package = mkForce pkgs.nix; # Only use stable Nix. + package = lib.mkForce pkgs.nix; # Only use stable Nix. - nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ + nixPath = lib.mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [ "nixfiles=${config.my.home}/src/nixfiles" ]; - registry = mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { + registry = lib.mapAttrs (_: flake: { inherit flake; }) notSelfInputs // { nixfiles.flake = inputs.self; }; @@ -77,7 +76,7 @@ in "pipe-operators" ]; - trusted-users = [ my.username ]; + trusted-users = [ lib.my.username ]; substituters = [ "https://nix-community.cachix.org" @@ -95,7 +94,7 @@ in }; nixpkgs = { - config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + config.allowUnfreePredicate = p: lib.elem (lib.getName p) cfg.allowedUnfreePackages; overlays = [ inputs.self.overlays.default ]; }; 
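Review bot: `trusted-users = [ lib.my.username ];` in the Nix settings of modules/common/nix.nix keeps the interactive account trusted by the Nix daemon, which the Nix manual describes as essentially equivalent to giving that user root access. A trusted user can add arbitrary substituters and import store paths without signature checks, so a compromise of that account reaches the daemon without a sudo prompt. If the setting exists only so that extra binary caches can be used, listing those caches under `trusted-substituters` and dropping the user from `trusted-users` would be narrower. Otherwise a comment such as `# root-equivalent; kept because <reason>` belongs on the line. The settings block starts and ends outside this hunk.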
@@ -106,16 +105,16 @@ in defaultPackages = [ ]; systemPackages = with pkgs; - optionals this.isHeadful [ + lib.optionals this.isHeadful [ nix-tree nixfiles ]; variables = { - NIXFILES = optionalString this.isHeadful "${config.my.home}/src/nixfiles"; + NIXFILES = lib.optionalString this.isHeadful "${config.my.home}/src/nixfiles"; NIX_SHELL_PRESERVE_PROMPT = "1"; }; }; - system.stateVersion = this.stateVersion or trivial.release; + system.stateVersion = this.stateVersion or lib.trivial.release; }; } diff --git a/modules/common/secrets.nix b/modules/common/secrets.nix index 77dee44..2b8082e 100644 --- a/modules/common/secrets.nix +++ b/modules/common/secrets.nix @@ -6,11 +6,10 @@ this, ... }: -with lib; { imports = [ inputs.agenix.nixosModules.default - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "secrets" ] [ "age" @@ -22,9 +21,11 @@ with lib; config = { age.identityPaths = if this.isHeadful then - [ "${config.my.home}/.ssh/id_${my.ssh.type}" ] + [ "${config.my.home}/.ssh/id_${lib.my.ssh.type}" ] else - map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) config.services.openssh.hostKeys); + config.services.openssh.hostKeys + |> lib.filter (attr: attr.type == lib.my.ssh.type) + |> map (attr: attr.path); environment.systemPackages = with pkgs; [ age diff --git a/modules/common/shell/default.nix b/modules/common/shell/default.nix index 6c0b78f..7c6c835 100644 --- a/modules/common/shell/default.nix +++ b/modules/common/shell/default.nix @@ -182,7 +182,7 @@ in command-not-found.enable = false; }; - home.packages = with pkgs; [ grc ]; + home.packages = [ pkgs.grc ]; }; programs.command-not-found.enable = false; diff --git a/modules/common/stylix.nix b/modules/common/stylix.nix index 4476260..22c21c1 100644 --- a/modules/common/stylix.nix +++ b/modules/common/stylix.nix @@ -6,11 +6,10 @@ this, ... }: -with lib; { imports = [ inputs.stylix.nixosModules.stylix - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "colors" ] [ "lib" 
@@ -20,7 +19,7 @@ with lib; ) ]; - options.nixfiles.modules.common.stylix.fonts.extraPackages = mkOption { + options.nixfiles.modules.common.stylix.fonts.extraPackages = lib.mkOption { description = "Font packages."; default = with pkgs; [ font-awesome @@ -84,31 +83,31 @@ with lib; }; fonts = { - packages = mkAfter config.nixfiles.modules.common.stylix.fonts.extraPackages; + packages = lib.mkAfter config.nixfiles.modules.common.stylix.fonts.extraPackages; fontconfig = { enable = this.isHeadful; defaultFonts = with config.stylix.fonts; { - serif = mkForce [ + serif = lib.mkForce [ serif.name "Sarasa Gothic" "Source Han Serif" "Noto Serif" ]; - sansSerif = mkForce [ + sansSerif = lib.mkForce [ sansSerif.name "Sarasa Gothic" "Source Han Sans" "Noto Sans" ]; - monospace = mkForce [ + monospace = lib.mkForce [ monospace.name "Sarasa Mono" "Source Han Mono" "Noto Sans Mono" ]; - emoji = mkForce [ + emoji = lib.mkForce [ emoji.name "Noto Color Emoji" ]; diff --git a/modules/common/users.nix b/modules/common/users.nix index e0811b7..ffe6234 100644 --- a/modules/common/users.nix +++ b/modules/common/users.nix @@ -1,16 +1,15 @@ { lib, ... }: -with lib; let - home = "/home/${my.username}"; + home = "/home/${lib.my.username}"; in { imports = [ - (mkAliasOptionModule + (lib.mkAliasOptionModule [ "my" ] [ "users" "users" - my.username + lib.my.username ] ) ]; @@ -26,13 +25,13 @@ in password = null; }; - ${my.username} = { + ${lib.my.username} = { isNormalUser = true; uid = 1000; - description = my.fullname; + description = lib.my.fullname; inherit home; - inherit (my) hashedPassword; - openssh.authorizedKeys.keys = [ my.ssh.key ]; + inherit (lib.my) hashedPassword; + openssh.authorizedKeys.keys = [ lib.my.ssh.key ]; extraGroups = [ "wheel" ]; }; }; diff --git a/modules/common/xdg.nix b/modules/common/xdg.nix index e91d2c5..805afe1 100644 --- a/modules/common/xdg.nix +++ b/modules/common/xdg.nix 
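Review bot: `inherit (lib.my) hashedPassword;` in modules/common/users.nix takes the account's password hash from the flake's own library, so the hash becomes part of the evaluated configuration and lands in the world-readable Nix store. It would also sit in the repository if `lib.my` is defined in-tree, which is not visible here. The repository already wires agenix in modules/common/secrets.nix, so the hash could live in an age secret referenced with `hashedPasswordFile = config.secrets.<name>.path;`. This matters more because the same user is in `wheel`, where the password is what gates privilege escalation. The `users.users` attribute set starts outside the hunk.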
@@ -93,21 +93,24 @@ in }; hm.xdg = lib.mkMerge [ - (with cfg; { + { enable = true; - inherit cacheHome; - inherit configHome; - inherit dataHome; - inherit stateHome; - inherit userDirs; - }) + inherit (cfg) + cacheHome + configHome + dataHome + stateHome + userDirs + ; + } (lib.mkIf this.isHeadful { mimeApps = { enable = true; - defaultApplications = lib.mkMerge ( - lib.mapAttrsToList (n: v: lib.genAttrs v (_: [ "${n}.desktop" ])) cfg.defaultApplications - ); + defaultApplications = + cfg.defaultApplications + |> lib.mapAttrsToList (n: v: lib.genAttrs v (_: [ "${n}.desktop" ])) + |> lib.mkMerge; }; }) ]; diff --git a/modules/curl.nix b/modules/curl.nix index 3c318fc..aa6ff27 100644 --- a/modules/curl.nix +++ b/modules/curl.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.curl; in { - options.nixfiles.modules.curl.enable = mkEnableOption "cURL"; + options.nixfiles.modules.curl.enable = lib.mkEnableOption "cURL"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.xdg.configFile.".curlrc".text = '' connect-timeout = 60 progress-bar @@ -31,7 +30,7 @@ in form="$form-" fi - ${getExe curl} --form "$form" "$url" + ${lib.getExe curl} --form "$form" "$url" '') ]; }; diff --git a/modules/direnv.nix b/modules/direnv.nix index 2ab0b3f..716181f 100644 --- a/modules/direnv.nix +++ b/modules/direnv.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.direnv; in { - options.nixfiles.modules.direnv.enable = mkEnableOption "direnv"; + options.nixfiles.modules.direnv.enable = lib.mkEnableOption "direnv"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.direnv = { enable = true; config.global = { diff --git a/modules/docker.nix b/modules/docker.nix index 330d417..ce8182a 100644 --- a/modules/docker.nix +++ b/modules/docker.nix 
@@ -32,7 +32,7 @@ in virtualisation.docker.enable = true; - environment.systemPackages = with pkgs; [ docker-compose ]; + environment.systemPackages = [ pkgs.docker-compose ]; my.extraGroups = [ "docker" ]; }; diff --git a/modules/dwm.nix b/modules/dwm.nix index 912be0c..9b38900 100644 --- a/modules/dwm.nix +++ b/modules/dwm.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.dwm; in { - options.nixfiles.modules.dwm.enable = mkEnableOption "dwm"; + options.nixfiles.modules.dwm.enable = lib.mkEnableOption "dwm"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.x11.enable = true; hm.xsession = { @@ -93,7 +92,7 @@ in NULL, }; static const char *termcmd[] = { - "${getExe pkgs.alacritty}", + "${lib.getExe pkgs.alacritty}", NULL, }; @@ -148,7 +147,7 @@ in ''; }; in - getExe' pkg "dwm"; + lib.getExe' pkg "dwm"; }; hm.services.dwm-status = { diff --git a/modules/editorconfig.nix b/modules/editorconfig.nix index e7f55ff..56cb20c 100644 --- a/modules/editorconfig.nix +++ b/modules/editorconfig.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.editorconfig; in { - options.nixfiles.modules.editorconfig.enable = mkEnableOption "Editorconfig"; + options.nixfiles.modules.editorconfig.enable = lib.mkEnableOption "Editorconfig"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.editorconfig = { enable = true; settings = { diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index 71bc24c..e546ddd 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix 
@@ -5,17 +5,16 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.emacs; in { - options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; + options.nixfiles.modules.emacs.enable = lib.mkEnableOption "GNU Emacs"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.authinfo = { file = "${inputs.self}/secrets/authinfo"; - owner = my.username; + owner = lib.my.username; }; nixfiles.modules = { @@ -40,7 +39,7 @@ in stylix.targets.emacs.enable = false; xdg.configFile = - mapAttrs + lib.mapAttrs ( _: value: value @@ -50,7 +49,7 @@ in export DOOMDIR="''${XDG_CONFIG_HOME:-$HOME/.config}/doom" if [[ ! -d "$EMACSDIR/.git" ]]; then - ${getExe git.package} clone --depth=1 --branch=master \ + ${lib.getExe git.package} clone --depth=1 --branch=master \ "https://github.com/doomemacs/doomemacs" "$EMACSDIR" fi @@ -74,7 +73,7 @@ in "doom/init.el".source = ./doom/init.el; "doom/packages.el".source = ./doom/packages.el; "doom/config.el" = { - text = concatLines [ + text = lib.concatLines [ ( let extraBins = with pkgs; [ @@ -85,6 +84,9 @@ in ] )) # :checkers (spell +aspell) asmfmt # :editor format + shirepyright # :lang (python +lsp) + bash-language-server # :lang (sh +lsp) + cabal-install # :lang haskell cargo # :lang rust clang-tools # :lang (cc +lsp) :editor format cmake-format # :lang cc :editor format @@ -95,6 +97,7 @@ in dockerfile-language-server-nodejs # :tools (docker +lsp) dockfmt # :tools docker :editor format editorconfig-core-c # :tools editorconfig + eslint # :lang (json +lsp) fd # doom! gcc # :lang cc gdb # :tools debugger 
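Review bot: The shell snippet in modules/emacs/default.nix still runs `clone --depth=1 --branch=master "https://github.com/doomemacs/doomemacs" "$EMACSDIR"`, so whatever is at the tip of `master` on first run becomes the Emacs framework, outside the flake lock. That code later runs in a session that reads `config.secrets.authinfo.path` and the mail accounts configured in the same module. Pinning Doom as a flake input, or checking out a fixed commit after the clone, would make the revision reviewable and reproducible. At minimum mark the line with `# NOTE: unpinned, tracks doomemacs master at first run`. The surrounding script string starts and ends outside the hunk.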
@@ -111,11 +114,9 @@ in gotools # :lang go graphviz # :lang (org +roam2) :lang plantuml gzip # :tools tree-sitter + haskell-language-server # :lang (haskell +lsp) haskellPackages.cabal-fmt # :lang haskell :editor format - haskellPackages.cabal-install # :lang haskell - haskellPackages.haskell-language-server # :lang (haskell +lsp) haskellPackages.hoogle # :lang haskell - haskellPackages.ormolu # :lang haskell :editor format html-tidy # :lang web :editor format jdk # :lang java :lang plantuml :checkers grammar languagetool # :checkers grammar @@ -124,24 +125,14 @@ in nixd # :lang (nix +lsp) nixfmt # :lang nix :editor format nls # :lang (nickel +lsp) - nodePackages.bash-language-server # :lang (sh +lsp) - # nodePackages.eslint # :lang (json +lsp) nodePackages.js-beautify # :lang web nodePackages.prettier # :editor format - nodePackages.stylelint # :lang web nodejs # :tools debugger + ormolu # :lang haskell :editor format pandoc # :lang org markdown latex pinentry-emacs # doom! - pipenv # :lang python - poetry # :lang python pre-commit # :tools magit - pyright # :lang python :editor format python3 # :lang python - python3Packages.black # :lang python :editor format - python3Packages.isort # :lang python :editor format - python3Packages.nose2 # :lang python - python3Packages.pyflakes # :lang python :editor format - python3Packages.pytest # :lang python ripgrep # doom! rust-analyzer # :lang (rust +lsp) rustc # :lang rust @@ -150,10 +141,14 @@ in shfmt # :lang sh :editor format sops sqlite # :lang (org +roam2) :tools lookup + stylelint # :lang web terraform-ls # :tools (terraform +lsp) texlab # lang (tex +lsp) texlive.combined.scheme-full # :lang org tex + tinymist + typst unzip # :tools debugger + uv # :lang python vscode-langservers-extracted # :lang (json +lsp) (web +lsp) wordnet # :tools (lookup +dictionary +offline) yaml-language-server # :lang (yaml +lsp) 
@@ -163,14 +158,14 @@ in '' ;; Integrate packages which are required by various modules ;; without polluting the user's profile. - (setq exec-path (append exec-path '(${concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins}))) - (setenv "PATH" (concat (getenv "PATH") ":${concatMapStringsSep ":" (x: "${x}/bin") extraBins}")) + (setq exec-path (append exec-path '(${lib.concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins}))) + (setenv "PATH" (concat (getenv "PATH") ":${lib.concatMapStringsSep ":" (x: "${x}/bin") extraBins}")) (appendq! auth-sources '(("${config.secrets.authinfo.path}"))) - ;; HACK Explicitly load specific Emacs packages from Nixpkgs. - ;; For some reason providing them as "extraPackages" doesn't - ;; work. + ;; HACK Explicitly load specific Emacs packages from + ;; Nixpkgs. For some reason providing them as + ;; "extraPackages" doesn't work. (add-to-list 'load-path "${pkgs.mu.mu4e}/share/emacs/site-lisp/mu4e") (add-to-list 'load-path "${pkgs.emacsPackages.vterm}/share/emacs/site-lisp/elpa/vterm-${pkgs.emacsPackages.vterm.version}") (load "${ @@ -189,17 +184,17 @@ in (setq parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so") ;; :lang (org +roam2) :email mu4e - (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}") + (setq emacsql-sqlite-executable "${lib.getExe pkgs.emacsql-sqlite}") ;; :lang plantuml (setq plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar" - plantuml-executable-path "${getExe' pkgs.plantuml "plantuml"}" + plantuml-executable-path "${lib.getExe' pkgs.plantuml "plantuml"}" org-plantuml-jar-path plantuml-jar-path org-plantuml-executable-path plantuml-executable-path) ;; :app irc - (setq circe-default-nick "${my.username}" - circe-default-realname "${my.email}" + (setq circe-default-nick "${lib.my.username}" + circe-default-realname "${lib.my.email}" circe-default-user circe-default-nick) '' ) 
@@ -210,37 +205,29 @@ in doom-emoji-font "${emoji.name}-${toString sizes.terminal}") '') ( - with config.hm.accounts.email; let mu4eAccounts = - let - muAccounts = filter (a: a.mu.enable) (attrValues accounts); - in - concatMapStringsSep "\n" ( - a: - with a; - let - personalAddresses = concatMapStringsSep " " (v: ''"${v}"'') aliases; - in - '' - (set-email-account! "${name}" - '((user-full-name . "${realName}") - (user-mail-address . "${address}") - (mu4e-inbox-folder . "/${name}/${folders.inbox}") - (mu4e-sent-folder . "/${name}/${folders.sent}") - (mu4e-drafts-folder . "/${name}/${folders.drafts}") - (mu4e-trash-folder . "/${name}/${folders.trash}") - (mu4e-refile-folder . "/${name}/Archive") - ${optionalString (signature.showSignature != "none") - ''(mu4e-compose-signature . "${replaceStrings [ "\n" ] [ "\\n" ] signature.text}")'' - } - (+mu4e-personal-addresses . (${personalAddresses}))) - t) - '' - ) muAccounts; + config.hm.accounts.email.accounts + |> lib.attrValues + |> lib.filter (x: x.mu.enable) + |> lib.concatMapStringsSep "\n" (a: '' + (set-email-account! "${a.name}" + '((user-full-name . "${a.realName}") + (user-mail-address . "${a.address}") + (mu4e-inbox-folder . "/${a.name}/${a.folders.inbox}") + (mu4e-sent-folder . "/${a.name}/${a.folders.sent}") + (mu4e-drafts-folder . "/${a.name}/${a.folders.drafts}") + (mu4e-trash-folder . "/${a.name}/${a.folders.trash}") + (mu4e-refile-folder . "/${a.name}/Archive") + ${lib.optionalString (a.signature.showSignature != "none") + ''(mu4e-compose-signature . "${lib.replaceStrings [ "\n" ] [ "\\n" ] a.signature.text}")'' + } + (+mu4e-personal-addresses . (${lib.concatMapStringsSep " " (x: ''"${x}"'') a.aliases}))) + t) + ''); in '' - (setq mu4e-root-maildir "${maildirBasePath}") + (setq mu4e-root-maildir "${config.hm.accounts.email.maildirBasePath}") ${mu4eAccounts} '' 
@@ -256,12 +243,12 @@ in package = pkgs.emacs29-pgtk; }; - bash.initExtra = mkAfter '' + bash.initExtra = lib.mkAfter '' export PATH="$PATH:$XDG_CONFIG_HOME/emacs/bin" - # https://github.com/akermu/emacs-libvterm + # https://github.com/akermu/emacs-libvterm?tab=readme-ov-file#shell-side-configuration if [[ "$INSIDE_EMACS" = vterm ]] && [[ -n "$EMACS_VTERM_PATH" ]] && [[ -f "$EMACS_VTERM_PATH/etc/emacs-vterm-bash.sh" ]]; then - source "$EMACS_VTERM_PATH/etc/emacs-vterm-bash.sh" + source "$EMACS_VTERM_PATH/etc/emacs-vterm-bash.sh" fi # Not sourced from inside Emacs for some reason. Maybe it's not diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el index be481d4..d7ab80e 100644 --- a/modules/emacs/doom/config.el +++ b/modules/emacs/doom/config.el @@ -52,8 +52,21 @@ ;;; LSP ;; -(setq! lsp-enable-suggest-server-download nil - lsp-modeline-code-actions-enable nil) +(after! lsp-mode + (setq! lsp-enable-server-download nil + lsp-enable-suggest-server-download nil + lsp-modeline-code-action-fallback-icon "~")) + +;; +;;; Tree-Sitter +;; + +(use-package! treesit-auto + :disabled + :custom (treesit-auto-install 'prompt) + :config + (treesit-auto-add-to-auto-mode-alist 'all) + (global-treesit-auto-mode)) ;; ;;; Nix 
@@ -81,52 +94,60 @@ ;;; Org ;; -(setq! org-directory "~/doc/org/") +(setq! org-directory "~/doc/org/" + org-roam-directory "~/doc/roam/" + org-roam-db-location (concat org-roam-directory ".db")) -;; For some reason only using `after!' work here. `setq-hook!' and etc doesn't -;; produce expected results. (after! org - (setq! org-todo-keywords '((sequence - "TODO(t)" - "LOOP(r)" - "STRT(s@)" - "WAIT(w@/!)" - "HOLD(h@/!)" - "IDEA(i)" - "PROJ(p)" - "|" - "DONE(d@/!)" - "KILL(k@/!)")) - org-todo-keyword-faces '(("STRT" . +org-todo-active) - ("WAIT" . +org-todo-onhold) - ("HOLD" . +org-todo-onhold) - ("PROJ" . +org-todo-project) - ("KILL" . +org-todo-cancel)) - org-capture-templates '(("t" "Todo" entry - (file+headline +org-capture-todo-file "Inbox") - "* TODO %?\n%i\n%a" :prepend t) - ("n" "Note" entry - (file+headline +org-capture-notes-file "Inbox") - "* %u %?\n%i\n%a" :prepend t) - ("j" "Journal" entry - (file+olp+datetree +org-capture-journal-file) - "* %U %?\n%i\n%a" :prepend t)))) + (setq! org-todo-keywords + '((sequence + "TODO(t)" + "LOOP(r)" + "STRT(s@)" + "WAIT(w@/!)" + "HOLD(h@/!)" + "IDEA(i)" + "PROJ(p)" + "|" + "DONE(d@/!)" + "KILL(k@/!)")) + org-todo-keyword-faces + '(("STRT" . +org-todo-active) + ("WAIT" . +org-todo-onhold) + ("HOLD" . +org-todo-onhold) + ("PROJ" . +org-todo-project) + ("KILL" . +org-todo-cancel)) + org-capture-templates + '(("t" "Todo" entry + (file+headline +org-capture-todo-file "Inbox") + "* TODO %?\n%i\n%a" :prepend t) + ("n" "Note" entry + (file+headline +org-capture-notes-file "Inbox") + "* %u %?\n%i\n%a" :prepend t) + ("j" "Journal" entry + (file+olp+datetree +org-capture-journal-file) + "* %U %?\n%i\n%a" :prepend t)))) (add-hook! 'org-mode-hook 'auto-fill-mode) (setq-hook! 'org-mode-hook fill-column 80) -(setq! org-roam-directory "~/doc/roam/" - org-roam-db-location (concat org-roam-directory ".db")) - (use-package! 
org-roam-ui :requires websocket :after org-roam :config - (setq org-roam-ui-sync-theme t - org-roam-ui-follow t - org-roam-ui-update-on-save t - org-roam-ui-open-on-start t)) + (setq! org-roam-ui-sync-theme t + org-roam-ui-follow t + org-roam-ui-update-on-save t + org-roam-ui-open-on-start t)) + +(use-package! org-roam-timestamps + :after org-roam + :custom (org-roam-timestamps-parent-file t)) + +(custom-set-faces! '(org-headline-done :strike-through t)) + +(add-hook 'org-capture-mode-hook 'evil-insert-state) ;; ;;; LaTeX @@ -136,6 +157,29 @@ :i "TAB" #'cdlatex-tab) ;; +;;; Typst +;; + +(use-package! typst-ts-mode + :custom (typst-ts-watch-options "--open") + :config + (add-to-list 'lsp-language-id-configuration '(typst-ts-mode . "typst")) + (lsp-register-client (make-lsp-client + :new-connection (lsp-stdio-connection "tinymist") + :server-id 'tinymist + :major-modes '(typst-ts-mode))) + (add-hook 'typst-ts-mode-hook 'lsp-deferred) + + (when (boundp 'treesit-auto-recipe-list) + (add-to-list 'treesit-auto-recipe-list + (make-treesit-auto-recipe + :lang 'typst + :ts-mode 'typst-ts-mode + :url "https://github.com/uben0/tree-sitter-typst" + :revision "master" + :source-dir "src")))) + +;; ;;; PlantUML ;; @@ -165,9 +209,8 @@ (add-to-list 'lsp-language-id-configuration '(nickel-mode . "nickel")) (lsp-register-client (make-lsp-client :new-connection (lsp-stdio-connection "nls") - :activation-fn (lsp-activate-on "nickel") :server-id 'nls - :major-modes 'nickel-mode)) + :major-modes '(nickel-mode))) (add-hook 'nickel-mode-hook 'lsp-deferred))) ;; @@ -205,7 +248,11 @@ send-mail-function #'smtpmail-send-it message-sendmail-f-is-evil t message-sendmail-extra-arguments '("--read-envelope-from") - message-send-mail-function #'message-send-mail-with-sendmail)) + message-send-mail-function #'message-send-mail-with-sendmail + shr-use-colors nil)) + +(use-package! mu4e-patch + :hook (mu4e-view-mode . mu4e-patch-highlight)) (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 30) 
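Review bot: The treesit-auto recipe added in the new Typst section of config.el sets `:url "https://github.com/uben0/tree-sitter-typst"` with `:revision "master"`, so once the recipe is used the grammar's source is fetched from a moving branch and compiled locally. It appears inert today only because the `treesit-auto` declaration added earlier in this file is `:disabled`, which the `(when (boundp 'treesit-auto-recipe-list) ...)` guard makes easy to overlook. I would pin `:revision` to a reviewed commit, or supply the grammar from Nixpkgs like the other tools listed in modules/emacs/default.nix. A short comment above the `when` form should note that the recipe depends on the disabled package.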
@@ -281,80 +328,91 @@ mistral:7b-instruct-fp16)))) (use-package! ellama - :init - (setq! ellama-naming-scheme 'ellama-generate-name-by-time) + :custom (ellama-naming-scheme 'ellama-generate-name-by-time) :config (require 'llm-ollama) - (setq! ellama-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "llama3.2:3b-instruct-fp16" - :embedding-model "nomic-embed-text:latest") - ellama-providers '(("llama" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "llama3.2:3b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("qwen" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "qwen2:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("qwen-coder" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "qwen2.5-coder:14b-instruct-q8_0" - :embedding-model "nomic-embed-text:latest")) - ("gemma" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "gemma:7b-instruct-q8_0" - :embedding-model "nomic-embed-text:latest")) - ("mistral" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "mistral:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("opencoder" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "opencoder:8b-instruct-fp16" - :embedding-model "nomic-embed-text:latest")) - ("granite" . 
(make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "granite3.1-moe:3b-instruct-fp16" - :embedding-model "granite-embedding:278m-fp16"))) - ellama-translation-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "mistral:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest") - ellama-summarization-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "mistral:7b-instruct-fp16" - :embedding-model "nomic-embed-text:latest"))) + (setq! ellama-providers + '(("llama" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "llama3.2:3b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("qwen" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("qwen-coder" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2.5-coder:14b-instruct-q8_0" + :embedding-model "nomic-embed-text:latest")) + ("gemma" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "gemma:7b-instruct-q8_0" + :embedding-model "nomic-embed-text:latest")) + ("mistral" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("opencoder" . + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "opencoder:8b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("granite" . 
+ (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "granite3.1-moe:3b-instruct-fp16" + :embedding-model "granite-embedding:278m-fp16"))) + ellama-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "llama3.2:3b-instruct-fp16" + :embedding-model "nomic-embed-text:latest") + ellama-translation-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest") + ellama-summarization-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest"))) (use-package! magit-gptcommit :after magit :config (require 'llm-ollama) - (setq! magit-gptcommit-llm-provider (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "qwen2.5-coder:32b-instruct-q3_K_M" - :embedding-model "nomic-embed-text:latest")) + (setq! magit-gptcommit-llm-provider + (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "qwen2.5-coder:32b-instruct-q3_K_M" + :embedding-model "nomic-embed-text:latest")) (magit-gptcommit-status-buffer-setup)) diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index 51d4291..eddaf28 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -87,7 +87,7 @@ (org +pandoc +roam2) plantuml graphviz - (python +poetry +pyright +lsp +tree-sitter) + (python +lsp +tree-sitter +pyright) ;; (racket +lsp +tree-sitter +xp +hash-lang) rest (rust +lsp +tree-sitter) diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el index a7085da..f818377 100644 --- a/modules/emacs/doom/packages.el +++ b/modules/emacs/doom/packages.el 
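Review bot: Every provider in this hunk, including `magit-gptcommit-llm-provider` at its end, reaches `eonwe.shire.net:11434` with `:scheme "http"`, so prompts, buffer text and staged diffs are sent unencrypted and, as far as the hunk shows, without authentication. If that name resolves only inside the WireGuard network this may be intentional, but then it deserves a comment above the `use-package! ellama` form, for example `;; Ollama is reachable only over the VPN; plain HTTP is intentional.` Otherwise put the endpoint behind a TLS-terminating proxy and use `:scheme "https"`. The scheme/host/port triple is also repeated eleven times, so binding host and port once would turn such a change into a one-line edit.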
@@ -4,16 +4,12 @@ (unpin! evil-collection) +(package! treesit-auto) + (package! xclip) (package! org-roam-ui) - -;; https://github.com/doomemacs/doomemacs/issues/8166 -;; https://github.com/org-roam/org-roam/issues/2485 -(unpin! emacsql) -(package! emacsql - :recipe (:host github :repo "magit/emacsql") - :pin "491105a01f58bf0b346cbc0254766c6800b229a2") +(package! org-roam-timestamps) (package! nickel-mode) @@ -26,6 +22,11 @@ (package! ellama) (package! magit-gptcommit) +(unpin! (:tools tree-sitter)) + +(package! typst-ts-mode + :recipe (:host codeberg :repo "meow_king/typst-ts-mode")) + ;; (package! tvl ;; :recipe (:host nil ;; :repo "https://code.tvl.fyi/depot.git:/tools/emacs-pkgs/tvl.git" diff --git a/modules/endlessh-go.nix b/modules/endlessh-go.nix index 2919534..5d3ddfe 100644 --- a/modules/endlessh-go.nix +++ b/modules/endlessh-go.nix @@ -4,18 +4,17 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.endlessh-go; in { - options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; + options.nixfiles.modules.endlessh-go.enable = lib.mkEnableOption "endlessh-go"; config = let port = 22; in - mkIf cfg.enable { + lib.mkIf cfg.enable { services.endlessh-go = { enable = true; listenAddress = "0.0.0.0"; diff --git a/modules/endlessh.nix b/modules/endlessh.nix index e607935..6a071b8 100644 --- a/modules/endlessh.nix +++ b/modules/endlessh.nix @@ -1,16 +1,15 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.endlessh; in { - options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh"; + options.nixfiles.modules.endlessh.enable = lib.mkEnableOption "endlessh"; config = let port = 22; in - mkIf cfg.enable { + lib.mkIf cfg.enable { services.endlessh = { enable = true; inherit port; diff --git a/modules/eza.nix b/modules/eza.nix index 96b7d4c..a0163dc 100644 --- a/modules/eza.nix +++ b/modules/eza.nix 
@@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.eza; in { - options.nixfiles.modules.eza.enable = mkEnableOption "eza, an alternative to ls"; + options.nixfiles.modules.eza.enable = lib.mkEnableOption "eza, an alternative to ls"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.shell.aliases = rec { ls = "eza --smart-group --dereference"; ll = "${ls} --long --grid"; diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix index a0cc2b4..3659b15 100644 --- a/modules/fail2ban.nix +++ b/modules/fail2ban.nix @@ -4,14 +4,13 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.fail2ban; in { - options.nixfiles.modules.fail2ban.enable = mkEnableOption "fail2ban"; + options.nixfiles.modules.fail2ban.enable = lib.mkEnableOption "fail2ban"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/fail2ban" ]; services.fail2ban = { @@ -23,7 +22,7 @@ in rndtime = "8m"; }; - ignoreIP = optionals (hasAttr "wireguard" this) ( + ignoreIP = lib.optionals (lib.hasAttr "wireguard" this) ( with config.nixfiles.modules.wireguard; [ ipv4.subnet diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix index 3507f2d..0d1fe36 100644 --- a/modules/firefox/default.nix +++ b/modules/firefox/default.nix @@ -5,14 +5,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.firefox; in { - options.nixfiles.modules.firefox.enable = mkEnableOption "Firefox"; + options.nixfiles.modules.firefox.enable = lib.mkEnableOption "Firefox"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications.firefox = [ "text/html" "x-scheme-handler/http" @@ -22,7 +21,7 @@ in hm = { imports = [ inputs.arkenfox.hmModules.arkenfox ]; - home.packages = with pkgs; [ profile-cleaner ]; + home.packages = [ pkgs.profile-cleaner ]; stylix.targets.firefox = { enable = true; 
@@ -43,7 +42,7 @@ in [ ( let - mapFonts = concatMapStringsSep ", " (font: ''"${font}"''); + mapFonts = lib.concatMapStringsSep ", " (font: ''"${font}"''); size = toString config.stylix.fonts.sizes.applications; in with config.fonts.fontconfig.defaultFonts; @@ -60,7 +59,7 @@ in ) (builtins.readFile css) ] - |> concatLines; + |> lib.concatLines; in { id = 0; @@ -77,7 +76,7 @@ in # goes to Robert Helgesson. # # [1]: https://sr.ht/~rycee/mozilla-addons-to-nix/ - buildFirefoxXpiAddon = makeOverridable ( + buildFirefoxXpiAddon = lib.makeOverridable ( { stdenv ? pkgs.stdenv, fetchurl ? pkgs.fetchurl, @@ -103,6 +102,7 @@ in in with addons; [ + bitwarden consent-o-matic furiganaize indie-wiki-buddy @@ -116,8 +116,8 @@ in user-agent-switcher violentmonkey ] - ++ optional config.nixfiles.modules.kde.enable plasma-integration - ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; + ++ lib.optional config.nixfiles.modules.kde.enable plasma-integration + ++ lib.optional config.nixfiles.modules.ipfs.enable ipfs-companion; search = { force = true; @@ -406,11 +406,11 @@ in name = "XUL"; url = "chrome://browser/content/browser.xhtml"; } - (mkIf syncthing.enable { + (lib.mkIf syncthing.enable { name = "Syncthing"; url = "http://${config.services.syncthing.guiAddress}"; }) - (mkIf ipfs.enable { + (lib.mkIf ipfs.enable { name = "IPFS"; url = "http://127.0.0.1:${toString ipfs.apiPort}/webui"; }) @@ -502,8 +502,8 @@ in "browser.protections_panel.infoMessage.seen" = true; "browser.region.update.region" = "US"; "browser.search.region" = "US"; - "browser.search.separatePrivateDefault" = mkForce false; - "browser.search.separatePrivateDefault.ui.enabled" = mkForce false; + "browser.search.separatePrivateDefault" = lib.mkForce false; + "browser.search.separatePrivateDefault.ui.enabled" = lib.mkForce false; "browser.search.update" = false; "browser.shell.checkDefaultBrowser" = false; "browser.tabs.closeWindowWithLastTab" = true; 
diff --git a/modules/foot.nix b/modules/foot.nix index 502e143..c449864 100644 --- a/modules/foot.nix +++ b/modules/foot.nix @@ -4,16 +4,15 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.foot; in { - options.nixfiles.modules.foot.enable = mkEnableOption "Foot terminal emulator"; + options.nixfiles.modules.foot.enable = lib.mkEnableOption "Foot terminal emulator"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { - home.packages = with pkgs; [ libsixel ]; + home.packages = [ pkgs.libsixel ]; programs.foot = { enable = true; @@ -26,7 +25,7 @@ in in "${n}x${n}"; }; - scrollback.lines = pow 2 14; + scrollback.lines = lib.pow 2 14; }; }; }; diff --git a/modules/games/default.nix b/modules/games/default.nix index b70b94b..17090bb 100644 --- a/modules/games/default.nix +++ b/modules/games/default.nix @@ -1,16 +1,15 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.games; in { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; - options.nixfiles.modules.games.enable32BitSupport = mkEnableOption "support for games"; + options.nixfiles.modules.games.enable32BitSupport = lib.mkEnableOption "support for games"; - config = mkMerge [ + config = lib.mkMerge [ { hardware.graphics.enable = true; } - (mkIf cfg.enable32BitSupport { + (lib.mkIf cfg.enable32BitSupport { services = { jack.alsa.support32Bit = config.services.jack.alsa.enable; pipewire.alsa.support32Bit = config.services.pipewire.alsa.enable; diff --git a/modules/games/lutris.nix b/modules/games/lutris.nix index d926971..c2b352e 100644 --- a/modules/games/lutris.nix +++ b/modules/games/lutris.nix 
@@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.games.lutris; in { - options.nixfiles.modules.games.lutris.enable = mkEnableOption "Lutris"; + options.nixfiles.modules.games.lutris.enable = lib.mkEnableOption "Lutris"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.games = { gamemode.enable = true; mangohud.enable = true; diff --git a/modules/games/mangohud.nix b/modules/games/mangohud.nix index 955f50c..0571073 100644 --- a/modules/games/mangohud.nix +++ b/modules/games/mangohud.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.games.mangohud; in { - options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; + options.nixfiles.modules.games.mangohud.enable = lib.mkEnableOption "MangoHud"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { stylix.targets.mangohud.enable = false; diff --git a/modules/games/steam.nix b/modules/games/steam.nix index d8c6964..9d41b8f 100644 --- a/modules/games/steam.nix +++ b/modules/games/steam.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.games.steam; in { - options.nixfiles.modules.games.steam.enable = mkEnableOption "Steam runtime"; + options.nixfiles.modules.games.steam.enable = lib.mkEnableOption "Steam runtime"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common = { nix.allowedUnfreePackages = [ diff --git a/modules/gnupg.nix b/modules/gnupg.nix index 69a10e3..53e72a7 100644 --- a/modules/gnupg.nix +++ b/modules/gnupg.nix 
@@ -4,21 +4,20 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.gnupg; in { options.nixfiles.modules.gnupg = { - enable = mkEnableOption "GnuPG"; - pinentry = mkOption { + enable = lib.mkEnableOption "GnuPG"; + pinentry = lib.mkOption { description = "Name of a pinentry implementation."; - type = types.package; + type = lib.types.package; default = pkgs.pinentry-curses; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { programs.gpg = { enable = true; @@ -66,7 +65,7 @@ in "Uncompressed" ]; - cs = concatStringsSep " "; + cs = lib.concatStringsSep " "; in { default-preference-list = cs (cipherAlgos ++ digestAlgos ++ compressionAlgos); @@ -75,11 +74,11 @@ in personal-digest-preferences = cs digestAlgos; personal-compress-preferences = cs compressionAlgos; - s2k-cipher-algo = head cipherAlgos; - s2k-digest-algo = head digestAlgos; + s2k-cipher-algo = lib.head cipherAlgos; + s2k-digest-algo = lib.head digestAlgos; - digest-algo = head digestAlgos; - cert-digest-algo = head digestAlgos; + digest-algo = lib.head digestAlgos; + cert-digest-algo = lib.head digestAlgos; } ); }; @@ -97,7 +96,7 @@ in grabKeyboardAndMouse = true; - sshKeys = [ my.pgp.grip ]; + sshKeys = [ lib.my.pgp.grip ]; pinentryPackage = cfg.pinentry; }; diff --git a/modules/gotify.nix b/modules/gotify.nix index ad9b277..2a5dd55 100644 --- a/modules/gotify.nix +++ b/modules/gotify.nix @@ -4,17 +4,16 @@ libNginx, ... }: -with lib; let cfg = config.nixfiles.modules.gotify; in { options.nixfiles.modules.gotify = { - enable = mkEnableOption "Gotify"; + enable = lib.mkEnableOption "Gotify"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "gotify.${config.networking.domain}"; }; }; @@ -23,7 +22,7 @@ in let db = "gotify"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { nixfiles.modules = { nginx = { enable = true; 
@@ -70,7 +69,7 @@ in ]; environment = { GOTIFY_DATABASE_DIALECT = "postgres"; - GOTIFY_DATABASE_CONNECTION = concatStringsSep " " [ + GOTIFY_DATABASE_CONNECTION = lib.concatStringsSep " " [ "host=/run/postgresql" "user=${db}" "dbname=${db}" diff --git a/modules/grafana.nix b/modules/grafana.nix index b57577d..b1745e5 100644 --- a/modules/grafana.nix +++ b/modules/grafana.nix @@ -6,23 +6,22 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.grafana; in { options.nixfiles.modules.grafana = { - enable = mkEnableOption "Grafana"; + enable = lib.mkEnableOption "Grafana"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30101; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "grafana.${config.networking.domain}"; }; }; @@ -31,7 +30,7 @@ in let db = "grafana"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { ark.directories = [ config.services.grafana.dataDir ]; secrets = { @@ -79,11 +78,11 @@ in enable = true; settings = { - server = with cfg; { + server = { protocol = "http"; http_addr = "127.0.0.1"; - http_port = port; - inherit domain; + http_port = cfg.port; + inherit (cfg) domain; enable_gzip = true; }; database = { @@ -95,7 +94,7 @@ in smtp = { enable = true; user = "azahi@shire.net"; - host = my.domain.shire; + host = lib.my.domain.shire; password = "$__file{${config.secrets.grafana-smtp-password.path}}"; }; user = { @@ -123,6 +122,6 @@ in }; }; - topology.nodes.${this.hostname}.services.grafana.info = mkForce cfg.domain; + topology.nodes.${this.hostname}.services.grafana.info = lib.mkForce cfg.domain; }; } diff --git a/modules/htop.nix b/modules/htop.nix index 647abf7..779dc0a 100644 --- a/modules/htop.nix +++ b/modules/htop.nix 
@@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.htop; in { - options.nixfiles.modules.htop.enable = mkEnableOption "htop"; + options.nixfiles.modules.htop.enable = lib.mkEnableOption "htop"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.htop = { enable = true; diff --git a/modules/hydra.nix b/modules/hydra.nix index 85b89ab..785e3e9 100644 --- a/modules/hydra.nix +++ b/modules/hydra.nix @@ -1,26 +1,25 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.hydra; in { options.nixfiles.modules.hydra = { - enable = mkEnableOption "Hydra"; + enable = lib.mkEnableOption "Hydra"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "hydra.${config.networking.domain}"; }; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 7754; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { nginx = { enable = true; diff --git a/modules/hyprland.nix b/modules/hyprland.nix index a2776dc..3b2c273 100644 --- a/modules/hyprland.nix +++ b/modules/hyprland.nix @@ -104,8 +104,9 @@ in ", XF86MonBrightnessUp, exec, brightnessctl set +5%" ", XF86MonBrightnessDown, exec, brightnessctl set 5%-" ] - ++ (builtins.concatLists ( - builtins.genList ( + ++ ( + 10 + |> lib.genList ( x: let ws = @@ -118,8 +119,9 @@ in "SUPER, ${ws}, workspace, ${x + 1 |> toString}" "SUPER SHIFT, ${ws}, movetoworkspace, ${x + 1 |> toString}" ] - ) 10 - )); + ) + |> lib.concatLists + ); }; }; diff --git a/modules/incus.nix b/modules/incus.nix index b4e04e2..272b276 100644 --- a/modules/incus.nix +++ b/modules/incus.nix 
@@ -1,18 +1,17 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.incus; in { - options.nixfiles.modules.incus.enable = mkEnableOption "Incus"; + options.nixfiles.modules.incus.enable = lib.mkEnableOption "Incus"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/incus" ]; virtualisation.incus = { enable = true; - preseed = mkDefault { + preseed = lib.mkDefault { networks = [ { name = "incusbr0"; diff --git a/modules/ipfs.nix b/modules/ipfs.nix index 80a43b6..c789c18 100644 --- a/modules/ipfs.nix +++ b/modules/ipfs.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.ipfs; 
@@ -16,174 +15,176 @@ let in { options.nixfiles.modules.ipfs = { - enable = mkEnableOption "IPFS daemon"; + enable = lib.mkEnableOption "IPFS daemon"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "ipfs.${config.networking.fqdn}"; }; - gatewayBind = mkOption { + gatewayBind = lib.mkOption { description = "Gateway bind."; - type = with types; str; + type = lib.types.str; default = "127.0.0.1"; }; - gatewayPort = mkOption { + gatewayPort = lib.mkOption { description = "Gateway port."; - type = with types; port; + type = lib.types.port; default = if this.isHeadless then gatewayDefaultPort + 990 else gatewayDefaultPort; }; - apiBind = mkOption { + apiBind = lib.mkOption { description = "API bind."; - type = with types; str; + type = lib.types.str; default = "127.0.0.1"; }; - apiPort = mkOption { + apiPort = lib.mkOption { description = "API port."; - type = with types; port; + type = lib.types.port; default = if this.isHeadless then apiDefaultPort + 990 else apiDefaultPort; }; - swarmPort = mkOption { + swarmPort = lib.mkOption { description = "Swarm port."; - type = with types; port; + type = lib.types.port; default = swarmDefaultPort; }; }; - config = mkIf cfg.enable (mkMerge [ - { - services.kubo = { - enable = true; - - user = my.username; - inherit (config.my) group; - - dataDir = "${config.dirs.data}/ipfs"; - - autoMigrate = true; - autoMount = true; - emptyRepo = true; - enableGC = true; - - # https://github.com/ipfs/kubo/blob/master/docs/config.md - settings = mkMerge [ - ( - let - filterAddresses = - [ - "/ip4/100.64.0.0/ipcidr/10" - "/ip4/169.254.0.0/ipcidr/16" - "/ip4/172.16.0.0/ipcidr/12" - "/ip4/192.0.0.0/ipcidr/24" - "/ip4/192.0.2.0/ipcidr/24" - "/ip4/192.168.0.0/ipcidr/16" - "/ip4/198.18.0.0/ipcidr/15" - "/ip4/198.51.100.0/ipcidr/24" - "/ip4/203.0.113.0/ipcidr/24" - "/ip4/240.0.0.0/ipcidr/4" - "/ip6/100::/ipcidr/64" - "/ip6/2001:2::/ipcidr/48" 
- "/ip6/2001:db8::/ipcidr/32" - "/ip6/fe80::/ipcidr/10" - ] - ++ optionals (!hasAttr "wireguard" this) [ - "/ip4/10.0.0.0/ipcidr/8" - "/ip6/fc00::/ipcidr/7" - ]; - in - { - Addresses = { - API = "/ip4/${cfg.apiBind}/tcp/${toString cfg.apiPort}"; - Gateway = "/ip4/${cfg.gatewayBind}/tcp/${toString cfg.gatewayPort}"; - Swarm = - let - port = toString cfg.swarmPort; - in + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + services.kubo = { + enable = true; + + user = lib.my.username; + inherit (config.my) group; + + dataDir = "${config.dirs.data}/ipfs"; + + autoMigrate = true; + autoMount = true; + emptyRepo = true; + enableGC = true; + + # https://github.com/ipfs/kubo/blob/master/docs/config.md + settings = lib.mkMerge [ + ( + let + filterAddresses = [ - "/ip4/0.0.0.0/tcp/${port}" - "/ip6/::/tcp/${port}" - "/ip4/0.0.0.0/udp/${port}/quic" - "/ip4/0.0.0.0/udp/${port}/quic-v1" - "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" - "/ip6/::/udp/${port}/quic" - "/ip6/::/udp/${port}/quic-v1" - "/ip6/::/udp/${port}/quic-v1/webtransport" + "/ip4/100.64.0.0/ipcidr/10" + "/ip4/169.254.0.0/ipcidr/16" + "/ip4/172.16.0.0/ipcidr/12" + "/ip4/192.0.0.0/ipcidr/24" + "/ip4/192.0.2.0/ipcidr/24" + "/ip4/192.168.0.0/ipcidr/16" + "/ip4/198.18.0.0/ipcidr/15" + "/ip4/198.51.100.0/ipcidr/24" + "/ip4/203.0.113.0/ipcidr/24" + "/ip4/240.0.0.0/ipcidr/4" + "/ip6/100::/ipcidr/64" + "/ip6/2001:2::/ipcidr/48" + "/ip6/2001:db8::/ipcidr/32" + "/ip6/fe80::/ipcidr/10" + ] + ++ lib.optionals (!lib.hasAttr "wireguard" this) [ + "/ip4/10.0.0.0/ipcidr/8" + "/ip6/fc00::/ipcidr/7" ]; + in + { + Addresses = { + API = "/ip4/${cfg.apiBind}/tcp/${toString cfg.apiPort}"; + Gateway = "/ip4/${cfg.gatewayBind}/tcp/${toString cfg.gatewayPort}"; + Swarm = + let + port = toString cfg.swarmPort; + in + [ + "/ip4/0.0.0.0/tcp/${port}" + "/ip6/::/tcp/${port}" + "/ip4/0.0.0.0/udp/${port}/quic" + "/ip4/0.0.0.0/udp/${port}/quic-v1" + "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" + "/ip6/::/udp/${port}/quic" + 
"/ip6/::/udp/${port}/quic-v1" + "/ip6/::/udp/${port}/quic-v1/webtransport" + ]; + + NoAnnounce = filterAddresses; + }; + + Swarm.AddrFilters = filterAddresses; + + API.HTTPHeaders = { + Access-Control-Allow-Origin = [ + "http://127.0.0.1:5001" + "http://webui.ipfs.io.ipns.localhost:6001" + ]; + Access-Control-Allow-Methods = [ + "PUT" + "POST" + ]; + }; - NoAnnounce = filterAddresses; - }; + Experimental.FilestoreEnabled = true; + } + ) + ]; - Swarm.AddrFilters = filterAddresses; - - API.HTTPHeaders = { - Access-Control-Allow-Origin = [ - "http://127.0.0.1:5001" - "http://webui.ipfs.io.ipns.localhost:6001" - ]; - Access-Control-Allow-Methods = [ - "PUT" - "POST" - ]; - }; + localDiscovery = true; - Experimental.FilestoreEnabled = true; - } - ) - ]; - - localDiscovery = true; - - startWhenNeeded = true; - }; - - networking.firewall = rec { - allowedTCPPorts = [ swarmDefaultPort ]; - allowedUDPPorts = allowedTCPPorts; - }; - - boot.kernel.sysctl = { - "net.core.rmem_max" = 7500000; - "net.core.wmem_max" = 7500000; - }; - - topology = with cfg; { - nodes.${this.hostname}.services.ipfs-kubo = { - name = "IPFS Kubo"; - icon = "${inputs.homelab-svg-assets}/assets/ipfs.svg"; - details.listen.text = '' - ${gatewayBind}:${toString gatewayPort} - ${apiBind}:${toString apiPort} - ''; + startWhenNeeded = true; }; - }; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams = with cfg; { - kubo_gateway.servers."${gatewayBind}:${toString gatewayPort}" = { }; - kubo_api.servers."${apiBind}:${toString apiPort}" = { }; + + networking.firewall = rec { + allowedTCPPorts = [ swarmDefaultPort ]; + allowedUDPPorts = allowedTCPPorts; + }; + + boot.kernel.sysctl = { + "net.core.rmem_max" = 7500000; + "net.core.wmem_max" = 7500000; + }; + + topology = { + nodes.${this.hostname}.services.ipfs-kubo = { + name = "IPFS Kubo"; + icon = "${inputs.homelab-svg-assets}/assets/ipfs.svg"; + details.listen.text = '' + ${cfg.gatewayBind}:${toString cfg.gatewayPort} + 
${cfg.apiBind}:${toString cfg.apiPort} + ''; + }; }; - virtualHosts = { - ${cfg.domain} = { - locations."/".proxyPass = "http://kubo_gateway"; - extraConfig = libNginx.config.internalOnly; + } + (lib.mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams = { + kubo_gateway.servers."${cfg.gatewayBind}:${toString cfg.gatewayPort}" = { }; + kubo_api.servers."${cfg.apiBind}:${toString cfg.apiPort}" = { }; }; - "api.${cfg.domain}" = { - locations = { - "/".proxyPass = "http://kubo_api"; - "~ ^/$".return = - "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; + virtualHosts = { + ${cfg.domain} = { + locations."/".proxyPass = "http://kubo_gateway"; + extraConfig = libNginx.config.internalOnly; + }; + "api.${cfg.domain}" = { + locations = { + "/".proxyPass = "http://kubo_api"; + "~ ^/$".return = + "301 http${lib.optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; + }; + extraConfig = libNginx.config.internalOnly; }; - extraConfig = libNginx.config.internalOnly; }; }; - }; - topology.nodes.${this.hostname}.services.ipfs-kubo.info = cfg.domain; - }) - ]); + topology.nodes.${this.hostname}.services.ipfs-kubo.info = cfg.domain; + }) + ] + ); } diff --git a/modules/k3s.nix b/modules/k3s.nix index 9c8f512..103dadc 100644 --- a/modules/k3s.nix +++ b/modules/k3s.nix @@ -6,16 +6,15 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.k3s; in { options.nixfiles.modules.k3s = { - enable = mkEnableOption "K3s"; + enable = lib.mkEnableOption "K3s"; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.enable -> !config.services.nginx.enable; 
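Review bot: `allowedTCPPorts = [ swarmDefaultPort ];` opens the default swarm port rather than the configured one, while `Addresses.Swarm` in the same hunk listens on `cfg.swarmPort`. Overriding `swarmPort` would therefore leave a port open that nothing listens on and the real listener blocked; use `allowedTCPPorts = [ cfg.swarmPort ];`. The `Access-Control-Allow-Origin` list is likewise hard-coded to `http://127.0.0.1:5001`, although the API binds to `cfg.apiBind` and `cfg.apiPort`, which this module shifts by 990 on headless hosts. It looks as if the origin should be derived from those options, but `apiDefaultPort` is defined outside the hunk, so confirm before changing it.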
@@ -24,10 +23,10 @@ in ]; nixfiles.modules.common.shell.aliases = { - h = mkDefault "helm"; - k = mkDefault "kubectl"; - kns = mkDefault "kubens"; - ktx = mkDefault "kubectx"; + h = lib.mkDefault "helm"; + k = lib.mkDefault "kubectl"; + kns = lib.mkDefault "kubens"; + ktx = lib.mkDefault "kubectx"; }; ark.directories = [ diff --git a/modules/kde.nix b/modules/kde.nix index f20d5ea..a23eaa4 100644 --- a/modules/kde.nix +++ b/modules/kde.nix @@ -19,11 +19,13 @@ in sound.enable = true; }; - # stylix.targets.qt.platform = "kde"; + stylix.targets.qt.enable = false; hm = { imports = [ inputs.plasma-manager.homeManagerModules.plasma-manager ]; + stylix.targets.qt.enable = false; + home.sessionVariables.GTK_THEME = config.hm.gtk.theme.name; gtk.theme = lib.mkForce { 
@@ -31,72 +33,83 @@ in name = "Breeze"; }; - # programs = { - # plasma = { - # enable = true; - - # fonts = { - # windowTitle = with config.stylix.fonts; { - # family = sansSerif.name; - # pointSize = sizes.desktop; - # }; - # }; - - # desktop = { - # icons = { - # alignment = "left"; - # arrangement = "topToBottom"; - # sorting = { - # mode = "name"; - # descending = true; - # foldersFirst = true; - # }; - # }; - # }; - - # session = { - # general.askForConfirmationOnLogout = true; - # sessionRestore = { - # excludeApplications = [ ]; - # restoreOpenApplicationsOnLogin = "whenSessionWasManuallySaved"; - # }; - # }; - - # spectacle = { - # shortcuts = { - # launch = "Meta+S"; - # launchWithoutCapturing = "Meta+Alt+S"; - - # captureActiveWindow = "Meta+Print"; - # captureCurrentMonitor = "Print"; - # captureEntireDesktop = "Shift+Print"; - # captureRectangularRegion = "Meta+Shift+S"; - # captureWindowUnderCursor = "Meta+Ctrl+Print"; - - # recordRegion = "Meta+Shift+R"; - # recordScreen = "Meta+Alt+R"; - # recordWindow = "Meta+Ctrl+R"; - # }; - # }; - - # configFile = { - # kcminputrc.Keyboard = with config.services.xserver; { - # RepeatDelay = autoRepeatDelay; - # RepeatRate = autoRepeatInterval; - # }; - # }; - # }; - # }; + programs = { + plasma = { + enable = true; + + immutableByDefault = false; + + fonts = { + windowTitle = with config.stylix.fonts; { + family = sansSerif.name; + pointSize = sizes.desktop; + }; + }; + + desktop = { + icons = { + alignment = "left"; + arrangement = "topToBottom"; + sorting = { + mode = "name"; + descending = true; + foldersFirst = true; + }; + }; + }; + + session = { + general.askForConfirmationOnLogout = true; + sessionRestore = { + excludeApplications = [ ]; + restoreOpenApplicationsOnLogin = "whenSessionWasManuallySaved"; + }; + }; + + spectacle = { + shortcuts = { + launch = "Meta+S"; + launchWithoutCapturing = "Meta+Alt+S"; + + captureActiveWindow = "Meta+Print"; + captureCurrentMonitor = "Print"; + captureEntireDesktop = 
"Shift+Print"; + captureRectangularRegion = "Meta+Shift+S"; + captureWindowUnderCursor = "Meta+Ctrl+Print"; + + recordRegion = "Meta+Shift+R"; + recordScreen = "Meta+Alt+R"; + recordWindow = "Meta+Ctrl+R"; + }; + }; + + input.keyboard = with config.services.xserver; { + repeatDelay = autoRepeatDelay; + repeatRate = autoRepeatInterval; + numlockOnStartup = "off"; + }; + + configFile = { + baloofilerc."Basic Settings"."Indexing-Enabled" = false; + kwalletrc."Wallet"."Enabled" = false; + kwinrc."Xwayland"."XwaylandEavesdrop" = "None"; + spectaclerc = { + "ImageSave"."imageSaveLocation" = "file://${config.userDirs.pictures}"; + "VideoSave"."videoSaveLocation" = "file://${config.userDirs.videos}"; + }; + }; + }; + + firefox.profiles.default.settings = { + "widget.use-xdg-desktop-portal.file-picker" = 1; + "widget.use-xdg-desktop-portal.mime-handler" = 1; + }; + }; xdg.configFile = { "fontconfig/conf.d/10-hm-fonts.conf".force = lib.mkForce true; "mimeapps.list".force = lib.mkForce true; }; - - programs.firefox.profiles.default.settings = { - "widget.use-xdg-desktop-portal.file-picker" = 1; - "widget.use-xdg-desktop-portal.mime-handler" = 1; - }; }; services = { @@ -121,6 +134,7 @@ in print-manager ]; systemPackages = with pkgs.kdePackages; [ + krdc plasma-disks ]; }; diff --git a/modules/libvirtd.nix b/modules/libvirtd.nix index 4846364..4024d42 100644 --- a/modules/libvirtd.nix +++ b/modules/libvirtd.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.libvirtd; in { - options.nixfiles.modules.libvirtd.enable = mkEnableOption "libvirtd"; + options.nixfiles.modules.libvirtd.enable = lib.mkEnableOption "libvirtd"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/libvirt" ]; hm.home.packages = with pkgs; [ diff --git a/modules/loki.nix b/modules/loki.nix index 75e534b..a9ebb28 100644 --- a/modules/loki.nix +++ b/modules/loki.nix 
@@ -5,34 +5,33 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.loki; in { options.nixfiles.modules.loki = { - enable = mkEnableOption "Loki"; + enable = lib.mkEnableOption "Loki"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30171; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "loki.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ config.services.loki.configuration.common.path_prefix ]; - nixfiles.modules.nginx = with cfg; { + nixfiles.modules.nginx = { enable = true; upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = { }; - virtualHosts.${domain} = { + virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://loki"; extraConfig = libNginx.config.internalOnly; }; @@ -122,10 +121,6 @@ in "d ${storage.filesystem.rules_directory} 0700 loki loki - -" ]; - topology = with cfg; { - nodes.${this.hostname}.services.loki = { - info = domain; - }; - }; + topology.nodes.${this.hostname}.services.loki.info = cfg.domain; }; } diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index ef9fb18..781e50f 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -1 +1,4 @@ -{ lib, ... }: with lib; { imports = attrValues (modulesIn ./.); } +{ lib, ... }: +{ + imports = lib.modulesIn ./. |> lib.attrValues; +} diff --git a/modules/matrix/dendrite.nix b/modules/matrix/dendrite.nix index 89704ea..960096c 100644 --- a/modules/matrix/dendrite.nix +++ b/modules/matrix/dendrite.nix 
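Review bot: `imports = lib.modulesIn ./. |> lib.attrValues;` in `modules/matrix/default.nix` uses the pipe operator, which is still gated behind an experimental feature in Nix. Every machine and CI job that evaluates this configuration must have it enabled, or parsing fails. Nothing visible in this diff enables or documents that requirement, so a short comment at the first use would help, e.g. `# needs the experimental pipe-operators feature enabled`. The same construct is introduced in `modules/piracy/default.nix` and `modules/profiles/default.nix`.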
@@ -238,13 +238,11 @@ in }; }; - topology = with cfg; { - nodes.${this.hostname}.services.dendrite = { - name = "Dendrite"; - icon = "${inputs.homelab-svg-assets}/assets/matrix-white.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.dendrite = { + name = "Dendrite"; + icon = "${inputs.homelab-svg-assets}/assets/matrix-white.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString cfg.port}"; }; }; } diff --git a/modules/matrix/element.nix b/modules/matrix/element.nix index c1c29a7..6fc336e 100644 --- a/modules/matrix/element.nix +++ b/modules/matrix/element.nix @@ -34,19 +34,19 @@ in } ]; - nixfiles.modules.nginx = with cfg; { + nixfiles.modules.nginx = { enable = true; - virtualHosts.${domain}.locations."/".root = pkgs.element-web.override { + virtualHosts.${cfg.domain}.locations."/".root = pkgs.element-web.override { conf = { default_server_config."m.homeserver" = { - base_url = "https://${homeserver}"; - server_name = homeserver; + base_url = "https://${cfg.homeserver}"; + server_name = cfg.homeserver; }; disable_custom_urls = true; disable_guests = true; disable_login_language_selector = true; disable_3pid_login = true; - brand = homeserver; + brand = cfg.homeserver; branding.authFooterLinks = [ { text = "NixOS"; diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 164ac5d..04fcccc 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -4,16 +4,15 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.monitoring; in { - options.nixfiles.modules.monitoring.enable = mkEnableOption '' + options.nixfiles.modules.monitoring.enable = lib.mkEnableOption '' a glue to provision a monitoring stack ''; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { alertmanager.enable = true; grafana.enable = true; 
@@ -34,27 +33,27 @@ in # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources datasources.settings.datasources = with config.nixfiles.modules; [ - (mkIf alertmanager.enable { + (lib.mkIf alertmanager.enable { name = "Alertmanager"; type = "alertmanager"; access = "proxy"; url = "https://${alertmanager.domain}"; jsonData.implementation = "prometheus"; }) - (mkIf loki.enable { + (lib.mkIf loki.enable { name = "Loki"; type = "loki"; access = "proxy"; url = "https://${loki.domain}"; isDefault = true; }) - (mkIf prometheus.enable { + (lib.mkIf prometheus.enable { name = "Prometheus"; type = "prometheus"; access = "proxy"; url = "https://${prometheus.domain}"; }) - (mkIf redis.enable { + (lib.mkIf redis.enable { name = "Redis"; type = "redis-datasource"; access = "proxy"; @@ -63,19 +62,19 @@ in }) ]; datasources.settings.deleteDatasources = with config.nixfiles.modules; [ - (mkIf (!alertmanager.enable) { + (lib.mkIf (!alertmanager.enable) { name = "Alertmanager"; orgId = 1; }) - (mkIf (!loki.enable) { + (lib.mkIf (!loki.enable) { name = "Loki"; orgId = 1; }) - (mkIf (!prometheus.enable) { + (lib.mkIf (!prometheus.enable) { name = "Prometheus"; orgId = 1; }) - (mkIf (!redis.enable) { + (lib.mkIf (!redis.enable) { name = "Redis"; orgId = 1; }) @@ -137,21 +136,18 @@ in prometheus = { scrapeConfigs = - with my.configurations; - mapAttrsToList + lib.mapAttrsToList (name: value: { job_name = name; static_configs = [ { - targets = - with value; - map ( - host: - concatStringsSep ":" [ - (if isAttrs host then host.hostname else host) - (toString port) - ] - ) hosts; + targets = map ( + host: + lib.concatStringsSep ":" [ + (if lib.isAttrs host then host.hostname else host) + (toString value.port) + ] + ) value.hosts; } ]; relabel_configs = [ 
@@ -160,76 +156,79 @@ in regex = "([^:]+):\\d+"; target_label = "instance"; } - ] ++ optionals (hasAttr "relabel" value) value.relabel; + ] ++ lib.optionals (lib.hasAttr "relabel" value) value.relabel; }) - { - promtail = { - hosts = [ - manwe - tulkas - varda - yavanna - ]; - inherit (config.nixfiles.modules.promtail) port; - }; - ntfy = { - hosts = [ manwe ]; - inherit (config.nixfiles.modules.ntfy.prometheus) port; - }; - soju = { - hosts = [ "127.0.0.1" ]; - inherit (config.nixfiles.modules.soju.prometheus) port; - }; - endlessh-go = { - hosts = [ - manwe - tulkas - varda - yavanna - ]; - inherit (config.services.endlessh-go.prometheus) port; - }; - exportarr-prowlarr = { - hosts = [ yavanna ]; - inherit (config.services.prometheus.exporters.exportarr-prowlarr) port; - }; - exportarr-lidarr = { - hosts = [ yavanna ]; - inherit (config.services.prometheus.exporters.exportarr-lidarr) port; - }; - nginx = { - hosts = [ - manwe - yavanna - ]; - inherit (config.services.prometheus.exporters.nginx) port; - }; - node = { - hosts = [ - manwe - tulkas - varda - yavanna - ]; - inherit (config.services.prometheus.exporters.node) port; - }; - postgres = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.postgres) port; - }; - redis = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.redis) port; - }; - unbound = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.unbound) port; - }; - wireguard = { - hosts = [ manwe ]; - inherit (config.services.prometheus.exporters.wireguard) port; - }; - }; + ( + with lib.my.configurations; + { + promtail = { + hosts = [ + manwe + tulkas + varda + yavanna + ]; + inherit (config.nixfiles.modules.promtail) port; + }; + ntfy = { + hosts = [ manwe ]; + inherit (config.nixfiles.modules.ntfy.prometheus) port; + }; + soju = { + hosts = [ "127.0.0.1" ]; + inherit (config.nixfiles.modules.soju.prometheus) port; + }; + endlessh-go = { + hosts = [ + manwe + tulkas + varda + yavanna + ]; + 
inherit (config.services.endlessh-go.prometheus) port; + }; + exportarr-prowlarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-prowlarr) port; + }; + exportarr-lidarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-lidarr) port; + }; + nginx = { + hosts = [ + manwe + yavanna + ]; + inherit (config.services.prometheus.exporters.nginx) port; + }; + node = { + hosts = [ + manwe + tulkas + varda + yavanna + ]; + inherit (config.services.prometheus.exporters.node) port; + }; + postgres = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.postgres) port; + }; + redis = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.redis) port; + }; + unbound = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.unbound) port; + }; + wireguard = { + hosts = [ manwe ]; + inherit (config.services.prometheus.exporters.wireguard) port; + }; + } + ); ruleFiles = [ ./rules/nginx.yaml diff --git a/modules/mpd.nix b/modules/mpd.nix index 7c3c821..1742939 100644 --- a/modules/mpd.nix +++ b/modules/mpd.nix @@ -4,18 +4,17 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.mpd; in { - options.nixfiles.modules.mpd.enable = mkEnableOption "MPD and its clients."; + options.nixfiles.modules.mpd.enable = lib.mkEnableOption "MPD and its clients."; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.sound.enable = true; hm = { - home.packages = with pkgs; [ mpc_cli ]; + home.packages = [ pkgs.mpc_cli ]; services.mpd = { enable = true; @@ -140,7 +139,7 @@ in mouse_support = false; - external_editor = getExe' config.programs.vim.package "vim"; + external_editor = lib.getExe' config.programs.vim.package "vim"; use_console_editor = true; colors_enabled = true; diff --git a/modules/mpv.nix b/modules/mpv.nix index 90d46d9..f8278e1 100644 --- a/modules/mpv.nix +++ b/modules/mpv.nix 
@@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.mpv; in { - options.nixfiles.modules.mpv.enable = mkEnableOption "mpv"; + options.nixfiles.modules.mpv.enable = lib.mkEnableOption "mpv"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common = { shell.aliases.cam = "mpv av://v4l2:/dev/video0"; @@ -149,7 +148,7 @@ in config = let - lang = concatStringsSep "," [ + lang = lib.concatStringsSep "," [ "Japanese" "japanese" "jp" diff --git a/modules/murmur.nix b/modules/murmur.nix index d334015..a71cf9a 100644 --- a/modules/murmur.nix +++ b/modules/murmur.nix @@ -4,14 +4,13 @@ lib, ... }: -with lib; let cfg = config.nixfiles.modules.murmur; in { - options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur"; + options.nixfiles.modules.murmur.enable = lib.mkEnableOption "Murmur"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/murmur" ]; secrets.murmur-environment = { @@ -27,8 +26,8 @@ in logDays = -1; - registerName = mkDefault my.domain.shire; - registerHostname = mkDefault my.domain.shire; + registerName = lib.mkDefault lib.my.domain.shire; + registerHostname = lib.mkDefault lib.my.domain.shire; bandwidth = 256000; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix deleted file mode 100644 index 4053c38..0000000 --- a/modules/nextcloud.nix +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.nextcloud; -in -{ - options.nixfiles.modules.nextcloud = { - enable = mkEnableOption "Nextcloud"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "nextcloud.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules = { - nginx = { - enable = true; - virtualHosts.${cfg.domain} = { }; - }; - postgresql.enable = true; - }; - - services = - let - db = "nextcloud"; - in - { - nextcloud = mkMerge [ - { - enable = true; - package = pkgs.nextcloud23; - - hostName = cfg.domain; - - appstoreEnable = false; - - config = { - adminpassFile = null; # This needs to be set as secret. - - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbuser = db; - dbname = db; - - defaultPhoneRegion = "RU"; - }; - - extraApps = - let - mkNextcloudApp = - { - name, - version, - hash, - }: - pkgs.fetchNextcloudApp { - inherit name version hash; - url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; - }; - in - { - contacts = mkNextcloudApp { - name = "contacts"; - version = "4.0.1"; - sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; - }; - calendar = mkNextcloudApp { - name = "calendar"; - version = "3.0.5"; - sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; - }; - files_rightclick = mkNextcloudApp { - name = "files_rightclick"; - version = "23.0.1"; - sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; - }; - unsplash = mkNextcloudApp { - name = "unsplash"; - version = "1.2.4"; - sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; - }; - previewgenerator = mkNextcloudApp { - name = "previewgenerator"; - version = "3.4.1"; - sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; - }; - bruteforcesettings = mkNextcloudApp { - name = "bruteforcesettings"; - version = "2.3.0"; - sha256 = 
"sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; - }; - }; - } - (mkIf config.nixfiles.modules.acme.enable { - https = true; - config.overwriteProtocol = "https"; - }) - ]; - - postgresql = { - ensureDatabases = [ db ]; - ensureUsers = [ - { - name = db; - ensureDBOwnership = true; - } - ]; - }; - }; - - systemd = { - services = { - nextcloud-setup.after = [ - "network-online.target" - "postgresql.service" - ]; - - nextcloud-preview-generate-cron.serviceConfig = { - Type = "oneshot"; - User = "nextcloud"; - ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ preview:pre-generate"; - }; - }; - - timers.nextcloud-preview-generate = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "15m"; - OnUnitActiveSec = "15m"; - Unit = "nextcloud-preview-generate-cron.service"; - }; - }; - }; - }; -} diff --git a/modules/nginx.nix b/modules/nginx.nix index 6cb47b4..dee08e4 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -5,28 +5,27 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.nginx; in { options.nixfiles.modules.nginx = { - enable = mkEnableOption "Nginx"; + enable = lib.mkEnableOption "Nginx"; - upstreams = mkOption { + upstreams = lib.mkOption { description = "Defines a group of servers to use as proxy target."; - type = with types; anything; + type = lib.types.anything; default = null; }; - virtualHosts = mkOption { + virtualHosts = lib.mkOption { description = "Attrset of virtual hosts."; - type = with types; anything; + type = lib.types.anything; default = null; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { _module.args.libNginx.config = { internalOnly = '' add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; 
@@ -56,15 +55,15 @@ in package = pkgs.nginxMainline; - statusPage = mkDefault true; + statusPage = lib.mkDefault true; - recommendedOptimisation = mkDefault true; - recommendedProxySettings = mkDefault true; - recommendedTlsSettings = mkDefault true; + recommendedOptimisation = lib.mkDefault true; + recommendedProxySettings = lib.mkDefault true; + recommendedTlsSettings = lib.mkDefault true; - recommendedBrotliSettings = mkDefault true; - recommendedGzipSettings = mkDefault true; - recommendedZstdSettings = mkDefault true; + recommendedBrotliSettings = lib.mkDefault true; + recommendedGzipSettings = lib.mkDefault true; + recommendedZstdSettings = lib.mkDefault true; resolver.addresses = let @@ -74,15 +73,15 @@ in if config.networking.nameservers != [ ] then config.networking.nameservers else - dns.const.quad9.default; + lib.dns.const.quad9.default; in map escapeIPv6 resolvers; - commonHttpConfig = concatStrings [ + commonHttpConfig = lib.concatStrings [ '' access_log syslog:server=unix:/dev/log; '' - (optionalString (hasAttr "wireguard" this) ( + (lib.optionalString (lib.hasAttr "wireguard" this) ( with config.nixfiles.modules.wireguard; '' geo $internal { @@ -106,14 +105,14 @@ in locations."/".return = "444"; }; } - // (mkIf (cfg.virtualHosts != null) ( - mapAttrs ( + // (lib.mkIf (cfg.virtualHosts != null) ( + lib.mapAttrs ( _: attr: - mkMerge [ + lib.mkMerge [ attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = mkDefault true; - forceSSL = mkDefault true; + (lib.mkIf config.nixfiles.modules.acme.enable { + enableACME = lib.mkDefault true; + forceSSL = lib.mkDefault true; }) ] ) cfg.virtualHosts @@ -129,8 +128,8 @@ in prometheus.exporters.nginx = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9113; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; + port = lib.mkDefault 9113; }; }; diff --git a/modules/nmap.nix b/modules/nmap.nix index c358e71..894dcb4 100644 --- a/modules/nmap.nix 
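Review bot: `listenAddress = lib.mkDefault this.wireguard.ipv4.address;` under `prometheus.exporters.nginx` reads `this.wireguard` unconditionally, while `commonHttpConfig` in the same file only emits the `geo $internal` block under `lib.hasAttr "wireguard" this`. If a host without a `wireguard` attribute can enable this module, evaluation would presumably fail at that line. An entry in `assertions`, or wrapping the exporter in `lib.mkIf (lib.hasAttr "wireguard" this)`, would make the requirement explicit and keep the metrics endpoint tied to the tunnel address. The same unguarded read appears in `modules/node-exporter.nix`, `modules/ntfy.nix` (the `prometheus.address` default) and `modules/postgresql.nix`. The enclosing `services` block continues outside the hunk.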
+++ b/modules/nmap.nix @@ -5,14 +5,13 @@ inputs, ... }: -with lib; let cfg = config.nixfiles.modules.nmap; in { - options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap"; + options.nixfiles.modules.nmap.enable = lib.mkEnableOption "Nmap"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.shell.aliases = { nmap-vulners = "nmap -sV --script=vulners/vulners.nse"; nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse"; @@ -30,15 +29,15 @@ in nmap-formatter ]; - activation.regenerateNmapScripts = with pkgs; '' - ${getExe' nmap "nmap"} --script-updatedb + activation.regenerateNmapScripts = '' + ${lib.getExe' pkgs.nmap "nmap"} --script-updatedb ''; }; systemd.user = { services.update-nmap-vulscan-lists = { Service = { - ExecStart = getExe ( + ExecStart = lib.getExe ( pkgs.writeShellApplication { name = "update-nmap-vulscan-lists"; runtimeInputs = [ pkgs.curl ]; diff --git a/modules/node-exporter.nix b/modules/node-exporter.nix index 8e76903..5e0b9a1 100644 --- a/modules/node-exporter.nix +++ b/modules/node-exporter.nix @@ -4,17 +4,16 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.node-exporter; in { - options.nixfiles.modules.node-exporter.enable = mkEnableOption "Prometheus Node Exporter"; + options.nixfiles.modules.node-exporter.enable = lib.mkEnableOption "Prometheus Node Exporter"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.prometheus.exporters.node = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; port = 9100; enabledCollectors = [ "buddyinfo" diff --git a/modules/nsd.nix b/modules/nsd.nix index efc175c..82dc16a 100644 --- a/modules/nsd.nix +++ b/modules/nsd.nix 
@@ -5,37 +5,36 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.nsd; in { options.nixfiles.modules.nsd = { - enable = mkEnableOption "NSD"; + enable = lib.mkEnableOption "NSD"; - fqdn = mkOption { + fqdn = lib.mkOption { description = "FQDN of this nameserver."; - type = with types; str; + type = lib.types.str; default = "ns.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.nginx = let - domain = my.domain.shire; + domain = lib.my.domain.shire; in { enable = true; - virtualHosts = mapAttrs' ( + virtualHosts = lib.mapAttrs' ( _: v: - nameValuePair "mta-sts.${v}" { + lib.nameValuePair "mta-sts.${v}" { locations."= /.well-known/mta-sts.txt" = { extraConfig = '' add_header default_type text/plain; ''; return = "200 '${ - concatStringsSep "\\r\\n" [ + lib.concatStringsSep "\\r\\n" [ "version: STSv1" "mode: enforce" "max_age: 2419200" @@ -44,7 +43,7 @@ in }'"; }; } - ) my.domain; + ) lib.my.domain; }; services = { @@ -58,21 +57,21 @@ in ratelimit.enable = true; zones = - with dns.combinators; + with lib.dns.combinators; let ips = - hostname: with my.configurations.${hostname}; { + hostname: with lib.my.configurations.${hostname}; { A = [ (a ipv4.address) ]; AAAA = [ (aaaa ipv6.address) ]; }; mkEmailEntries = { - domain ? my.domain.shire, + domain ? lib.my.domain.shire, dkimKey ? null, }: { - MX = [ (mx.mx 10 "${my.domain.shire}.") ]; + MX = [ (mx.mx 10 "${lib.my.domain.shire}.") ]; TXT = [ (spf.soft [ "a" ]) ]; DMARC = [ { @@ -82,7 +81,7 @@ in ruf = [ "mailto:postmaster@${domain}" ]; } ]; - DKIM = optional (dkimKey != null) { + DKIM = lib.optional (dkimKey != null) { selector = "mail"; p = dkimKey; }; 
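Review bot: `add_header default_type text/plain;` in the `= /.well-known/mta-sts.txt` location adds a response header literally named `default_type` instead of setting the content type. The policy is therefore served with whatever `default_type` nginx has configured globally. Sending MTAs are advised to check that an MTA-STS policy is `text/plain`, so a different type may cause some senders to disregard the `mode: enforce` policy. The line should probably read `default_type text/plain;`. The policy body continues outside this hunk.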
@@ -96,36 +95,38 @@ in extra ? { }, }: { - ${domain}.data = dns.toString domain (mkMerge [ - { - TTL = 60 * 60; - - SOA = { - nameServer = "${cfg.fqdn}."; - adminEmail = "hostmaster@${my.domain.shire}"; - serial = 2025020201; # Don't forget to bump the revision! - }; - - NS = with my.domain; [ - "ns1.${shire}" - # "ns2.${shire}" - ]; - - CAA = letsEncrypt "hostmaster@${my.domain.shire}"; - } - sldIps - extra - ]); + ${domain}.data = lib.dns.toString domain ( + lib.mkMerge [ + { + TTL = 60 * 60; + + SOA = { + nameServer = "${cfg.fqdn}."; + adminEmail = "hostmaster@${lib.my.domain.shire}"; + serial = 2025020201; # Don't forget to bump the revision! + }; + + NS = with lib.my.domain; [ + "ns1.${shire}" + # "ns2.${shire}" + ]; + + CAA = letsEncrypt "hostmaster@${lib.my.domain.shire}"; + } + sldIps + extra + ] + ); }; # https://ariadne.id/ # https://docs.keyoxide.org/service-providers/dns/ - ariadneIdProof.TXT = [ "openpgp4fpr:${my.pgp.fingerprint}" ]; + ariadneIdProof.TXT = [ "openpgp4fpr:${lib.my.pgp.fingerprint}" ]; in - mkMerge [ + lib.mkMerge [ (mkZone rec { - domain = my.domain.shire; - extra = mkMerge [ + domain = lib.my.domain.shire; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; @@ -169,8 +170,8 @@ in ]; }) (mkZone rec { - domain = my.domain.azahi; - extra = mkMerge [ + domain = lib.my.domain.azahi; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; @@ -186,8 +187,8 @@ in ]; }) (mkZone rec { - domain = my.domain.gondor; - extra = mkMerge [ + domain = lib.my.domain.gondor; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; @@ -202,8 +203,8 @@ in ]; }) (mkZone rec { - domain = my.domain.rohan; - extra = mkMerge [ + domain = lib.my.domain.rohan; + extra = lib.mkMerge [ (mkEmailEntries { inherit domain; dkimKey = "@DKIM_KEY@"; 
@@ -228,12 +229,12 @@ in allowedUDPPorts = allowedTCPPorts; }; - topology = with cfg; { + topology = { nodes.${this.hostname}.services.nsd = { name = "NSD"; icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; - details.listen.text = concatMapStringsSep "\n" (i: "${i}:53") ( - filter (i: i != "127.0.0.1" && i != "::1") config.services.nsd.interfaces + details.listen.text = lib.concatMapStringsSep "\n" (i: "${i}:53") ( + lib.filter (i: i != "127.0.0.1" && i != "::1") config.services.nsd.interfaces ); }; }; diff --git a/modules/ntfy.nix b/modules/ntfy.nix index e3de72e..422df2e 100644 --- a/modules/ntfy.nix +++ b/modules/ntfy.nix @@ -6,46 +6,45 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.ntfy; in { options.nixfiles.modules.ntfy = { - enable = mkEnableOption "ntfy"; + enable = lib.mkEnableOption "ntfy"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = types.port; + type = lib.types.port; default = 2586; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "ntfy.${config.networking.domain}"; }; prometheus = { - enable = mkEnableOption "Prometheus exporter." // { + enable = lib.mkEnableOption "Prometheus exporter." // { default = true; }; - address = mkOption { + address = lib.mkOption { description = "Address."; - type = with types; str; + type = lib.types.str; default = this.wireguard.ipv4.address; }; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 9289; }; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.files = [ config.services.ntfy-sh.settings.auth-file ]; nixfiles.modules.nginx = { 
@@ -72,19 +71,15 @@ in base-url = "https://${cfg.domain}"; behind-proxy = true; enable-metrics = cfg.prometheus.enable; - metrics-listen-http = - with cfg.prometheus; - optionalString cfg.prometheus.enable "${address}:${toString port}"; + metrics-listen-http = with cfg.prometheus; lib.optionalString enable "${address}:${toString port}"; }; }; - topology = with cfg; { - nodes.${this.hostname}.services.ntfy = { - name = "ntfy"; - icon = "${inputs.homelab-svg-assets}/assets/ntfy.svg"; - info = domain; - details.listen.text = config.services.ntfy-sh.settings.listen-http; - }; + topology.nodes.${this.hostname}.services.ntfy = { + name = "ntfy"; + icon = "${inputs.homelab-svg-assets}/assets/ntfy.svg"; + info = cfg.domain; + details.listen.text = config.services.ntfy-sh.settings.listen-http; }; }; } diff --git a/modules/nullmailer.nix b/modules/nullmailer.nix index 9f7b4ac..41fecef 100644 --- a/modules/nullmailer.nix +++ b/modules/nullmailer.nix @@ -4,14 +4,13 @@ lib, ... }: -with lib; let cfg = config.nixfiles.modules.nullmailer; in { - options.nixfiles.modules.nullmailer.enable = mkEnableOption "Nullmailer"; + options.nixfiles.modules.nullmailer.enable = lib.mkEnableOption "Nullmailer"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # No use in enabling it other than having a retry queue. # ark.directories = ["/var/spool/nullmailer"]; diff --git a/modules/password-store.nix b/modules/password-store.nix index 886afb6..d6358a7 100644 --- a/modules/password-store.nix +++ b/modules/password-store.nix @@ -4,15 +4,14 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.password-store; in { options.nixfiles.modules.password-store.enable = - mkEnableOption "the standard UNIX password manager"; + lib.mkEnableOption "the standard UNIX password manager"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs = { password-store = { enable = true; 
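Review bot: `metrics-listen-http = with cfg.prometheus; lib.optionalString enable "${address}:${toString port}";` still relies on `with`, which the rest of this commit removes. `enable`, `address` and `port` are common names, and a `let` binding or function argument with one of them added later would silently take precedence over the `with` scope. That could change which address the metrics listener binds to. Spelling it out avoids the ambiguity: `metrics-listen-http = lib.optionalString cfg.prometheus.enable "${cfg.prometheus.address}:${toString cfg.prometheus.port}";`.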
@@ -27,7 +26,7 @@ in let completions = "${config.hm.programs.password-store.package}/share/bash-completion/completions"; in - mkAfter '' + lib.mkAfter '' source ${completions}/pass-otp source ${completions}/pass ''; diff --git a/modules/piracy/default.nix b/modules/piracy/default.nix index 3554a02..1410827 100644 --- a/modules/piracy/default.nix +++ b/modules/piracy/default.nix @@ -9,7 +9,7 @@ let cfg = config.nixfiles.modules.piracy; in { - imports = lib.attrValues (lib.modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; options.nixfiles.modules.piracy = { enable = lib.mkEnableOption "tools for working with the BitTorrent protocol"; diff --git a/modules/piracy/jackett.nix b/modules/piracy/jackett.nix index 7ef9311..c26216e 100644 --- a/modules/piracy/jackett.nix +++ b/modules/piracy/jackett.nix @@ -34,13 +34,11 @@ in services.jackett.enable = true; - topology = with cfg; { - nodes.${this.hostname}.services.jackett = { - name = "Jackett"; - icon = "${inputs.homelab-svg-assets}/assets/jackett.svg"; - info = domain; - details.listen.text = "127.0.0.1:9117"; - }; + topology.nodes.${this.hostname}.services.jackett = { + name = "Jackett"; + icon = "${inputs.homelab-svg-assets}/assets/jackett.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:9117"; }; }; } diff --git a/modules/piracy/lidarr.nix b/modules/piracy/lidarr.nix index a905d8e..400ba9f 100644 --- a/modules/piracy/lidarr.nix +++ b/modules/piracy/lidarr.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.piracy.lidarr; 
@@ -14,16 +13,16 @@ let in { options.nixfiles.modules.piracy.lidarr = { - enable = mkEnableOption "Lidarr"; + enable = lib.mkEnableOption "Lidarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "lidarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.lidarr-api-key.file = "${inputs.self}/secrets/lidarr-api-key"; ark.directories = [ "/var/lib/lidarr" ]; @@ -74,11 +73,9 @@ in ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.lidarr = { - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.lidarr = { + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/prowlarr.nix b/modules/piracy/prowlarr.nix index c5bf5c0..ebcba7f 100644 --- a/modules/prowlarr.nix +++ b/modules/piracy/prowlarr.nix @@ -6,24 +6,23 @@ this, ... }: -with lib; let - cfg = config.nixfiles.modules.prowlarr; + cfg = config.nixfiles.modules.piracy.prowlarr; port = 9696; in { - options.nixfiles.modules.prowlarr = { - enable = mkEnableOption "Prowlarr"; + options.nixfiles.modules.piracy.prowlarr = { + enable = lib.mkEnableOption "Prowlarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "prowlarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # secrets.prowlarr-api-key.file = "${inputs.self}/secrets/prowlarr-api-key"; ark.directories = [ "/var/lib/private/prowlarr" ]; 
@@ -53,13 +52,11 @@ in }; }; - topology = with cfg; { - nodes.${this.hostname}.services.prowlarr = { - name = "Prowlarr"; - icon = "${inputs.homelab-svg-assets}/assets/prowlarr.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.prowlarr = { + name = "Prowlarr"; + icon = "${inputs.homelab-svg-assets}/assets/prowlarr.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/piracy/radarr.nix b/modules/piracy/radarr.nix index ac2fe7f..12f8d95 100644 --- a/modules/piracy/radarr.nix +++ b/modules/piracy/radarr.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.piracy.radarr; @@ -14,16 +13,16 @@ let in { options.nixfiles.modules.piracy.radarr = { - enable = mkEnableOption "Radarr"; + enable = lib.mkEnableOption "Radarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "radarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.radarr-api-key.file = "${inputs.self}/secrets/radarr-api-key"; ark.directories = [ "/var/lib/radarr" ]; @@ -74,11 +73,9 @@ in ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.radarr = { - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.radarr = { + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/piracy/sonarr.nix b/modules/piracy/sonarr.nix index 8715a12..0761a3d 100644 --- a/modules/piracy/sonarr.nix +++ b/modules/piracy/sonarr.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.piracy.sonarr; 
@@ -14,16 +13,16 @@ let in { options.nixfiles.modules.piracy.sonarr = { - enable = mkEnableOption "Sonarr"; + enable = lib.mkEnableOption "Sonarr"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "sonarr.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.sonarr-api-key.file = "${inputs.self}/secrets/sonarr-api-key"; ark.directories = [ "/var/lib/sonarr" ]; @@ -74,11 +73,9 @@ in ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.sonarr = { - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.sonarr = { + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString port}"; }; }; } diff --git a/modules/plausible.nix b/modules/plausible.nix index e910986..94e0d9d 100644 --- a/modules/plausible.nix +++ b/modules/plausible.nix @@ -5,23 +5,22 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.plausible; in { options.nixfiles.modules.plausible = { - enable = mkEnableOption "Plausible Analytics"; + enable = lib.mkEnableOption "Plausible Analytics"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 8000; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; nullOr str; + type = with lib.types; nullOr str; default = "plausible.${config.networking.domain}"; }; }; @@ -30,7 +29,7 @@ in let db = "plausible"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { _module.args.libPlausible = { htmlPlausibleScript = { 
@@ -88,12 +87,12 @@ in # }; mail = { - email = "plausible@${my.domain.shire}"; + email = "webmaster@${lib.my.domain.shire}"; smtp = { - hostAddr = my.domain.shire; + hostAddr = lib.my.domain.shire; hostPort = 465; enableSSL = true; - user = "azahi@${my.domain.shire}"; + user = "azahi@${lib.my.domain.shire}"; passwordFile = config.secrets.plausible-smtp-password.path; }; }; @@ -127,13 +126,14 @@ in requires = after; }; - topology = with cfg; { - nodes.${this.hostname}.services.plausible = { - name = "Plausible"; - icon = "${inputs.homelab-svg-assets}/assets/plausible.svg"; - info = domain; - details.listen.text = "${config.services.plausible.server.listenAddress}:${toString port}"; - }; + topology.nodes.${this.hostname}.services.plausible = { + name = "Plausible"; + icon = "${inputs.homelab-svg-assets}/assets/plausible.svg"; + info = cfg.domain; + details.listen.text = lib.concatStringsSep ":" [ + config.services.plausible.server.listenAddress + (toString cfg.port) + ]; }; }; } diff --git a/modules/postgresql.nix b/modules/postgresql.nix index f88831b..d5b712c 100644 --- a/modules/postgresql.nix +++ b/modules/postgresql.nix @@ -6,22 +6,21 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.postgresql; in { options.nixfiles.modules.postgresql = { - enable = mkEnableOption "PostgreSQL"; + enable = lib.mkEnableOption "PostgreSQL"; - package = mkOption { - type = types.package; + package = lib.mkOption { + type = lib.types.package; default = pkgs.postgresql_15; description = "PostgreSQL package to use."; }; - extraPostStart = mkOption { - type = with types; listOf str; + extraPostStart = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; description = '' Additional post-startup commands. 
@@ -32,10 +31,10 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { - assertion = any (x: x == "en_GB.UTF-8/UTF-8") config.i18n.supportedLocales; + assertion = lib.any (x: x == "en_GB.UTF-8/UTF-8") config.i18n.supportedLocales; message = "The locale must be available"; } ]; @@ -70,14 +69,14 @@ in prometheus.exporters.postgres = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9187; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; + port = lib.mkDefault 9187; }; }; - systemd.services.postgresql.postStart = optionalString ( + systemd.services.postgresql.postStart = lib.optionalString ( cfg.extraPostStart != [ ] - ) concatLines cfg.extraPostStart; + ) lib.concatLines cfg.extraPostStart; environment.variables.PSQLRC = toString ( pkgs.writeText "psqlrc" '' diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix index 34093d0..cbfb665 100644 --- a/modules/profiles/default.nix +++ b/modules/profiles/default.nix @@ -5,20 +5,19 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.default; in { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; options.nixfiles.modules.profiles.default.enable = - mkEnableOption "The most default profile of them all." + lib.mkEnableOption "The most default profile of them all." // { default = true; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = !(with this; isHeadless && isHeadful); diff --git a/modules/profiles/dev/containers.nix b/modules/profiles/dev/containers.nix index 598289c..ce686b5 100644 --- a/modules/profiles/dev/containers.nix +++ b/modules/profiles/dev/containers.nix 
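Review bot: In modules/postgresql.nix (hunk `@@ -70,14 +69,14 @@`), `lib.optionalString (cfg.extraPostStart != [ ]) lib.concatLines cfg.extraPostStart` passes the function `lib.concatLines` as the string argument and then applies the result to the list, because function application is left-associative. With a non-empty list this happens to work, but with the default `[ ]` it reduces to `"" cfg.extraPostStart`, which should fail evaluation once `postStart` is forced. `lib.concatLines` already returns an empty string for an empty list, so `systemd.services.postgresql.postStart = lib.concatLines cfg.extraPostStart;` is enough. The commit only added the `lib.` prefixes on these lines, so the behaviour predates it.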
@@ -4,18 +4,17 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.dev.containers; in { options.nixfiles.modules.profiles.dev.containers.enable = - mkEnableOption "Tools for working with containers and container orchestration" + lib.mkEnableOption "Tools for working with containers and container orchestration" // { default = config.nixfiles.modules.profiles.dev.enable; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common.shell.aliases = { h = "helm"; @@ -63,7 +62,7 @@ in ]; }; - xdg.dataFile."minikube/config/config.json".text = generators.toJSON { } { + xdg.dataFile."minikube/config/config.json".text = lib.generators.toJSON { } { config.Rootless = true; driver = "podman"; container-runtime = "cri-o"; diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix index a6cc61d..89ed7a3 100644 --- a/modules/profiles/dev/default.nix +++ b/modules/profiles/dev/default.nix @@ -4,17 +4,16 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.dev; in { - imports = attrValues (modulesIn ./.); + imports = lib.modulesIn ./. |> lib.attrValues; options.nixfiles.modules.profiles.dev.enable = - mkEnableOption "Catch-all profile for stuff related to software development and etc."; + lib.mkEnableOption "Catch-all profile for stuff related to software development and etc."; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common.nix.allowedUnfreePackages = [ "terraform" # source-available diff --git a/modules/profiles/dev/sql.nix b/modules/profiles/dev/sql.nix index c2d4894..cbab14a 100644 --- a/modules/profiles/dev/sql.nix +++ b/modules/profiles/dev/sql.nix 
@@ -4,18 +4,17 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.dev.sql; in { options.nixfiles.modules.profiles.dev.sql.enable = - mkEnableOption "SQL stuff and database management tools" + lib.mkEnableOption "SQL stuff and database management tools" // { default = config.nixfiles.modules.profiles.dev.enable; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { home.packages = with pkgs; [ pgcli @@ -63,15 +62,15 @@ in { name, custom }: { "${name}/config" = { - text = generators.toINI { } { + text = lib.generators.toINI { } { main = mainSection // custom; - colors = mapAttrs (_: v: "'${v}'") colorsSection; + colors = lib.mapAttrs (_: v: "'${v}'") colorsSection; }; }; }; in { - configFile = mkMerge ( + configFile = lib.mkMerge ( map mkCliConfig [ { name = "pgcli"; diff --git a/modules/profiles/email.nix b/modules/profiles/email.nix index 4c8d6eb..5f142dc 100644 --- a/modules/profiles/email.nix +++ b/modules/profiles/email.nix @@ -5,16 +5,15 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.email; in { - options.nixfiles.modules.profiles.email.enable = mkEnableOption "Local Email management" // { + options.nixfiles.modules.profiles.email.enable = lib.mkEnableOption "Local Email management" // { default = this.isHeadful; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.gnupg.enable = true; hm = { @@ -25,7 +24,7 @@ in let mkAccount = attrs: - mkMerge [ + lib.mkMerge [ { mbsync = { enable = true; @@ -52,15 +51,15 @@ in line ? 0, }: assert (builtins.isInt line); - concatStringsSep " " ( + lib.concatStringsSep " " ( [ - (getExe config.hm.programs.password-store.package) + (lib.getExe config.hm.programs.password-store.package) "show" path ] - ++ optionals (line > 0) [ + ++ lib.optionals (line > 0) [ "|" - (getExe pkgs.gnused) + (lib.getExe pkgs.gnused) "-e" "'${toString line}!d'" ] 
@@ -68,22 +67,23 @@ in in { shire = mkAccount rec { - address = my.email; + address = lib.my.email; aliases = [ address "frodo@rohan.net" "azahi@shire.net" ]; - realName = my.fullname; + realName = lib.my.fullname; signature = { showSignature = "append"; text = '' - Please consider using plain text when replying! - ~ https://useplaintext.email/#etiquette ~ + Firstname Lastname | Азат Багавиев + frodo@gondor.net | frodo@rohan.net + https://azahi.cc/ ''; }; gpg = { - inherit (my.pgp) key; + inherit (lib.my.pgp) key; signByDefault = false; encryptByDefault = false; }; diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index e328691..62a036c 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -6,31 +6,29 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.profiles.headful; in { - options.nixfiles.modules.profiles.headful.enable = mkEnableOption "headful profile" // { + options.nixfiles.modules.profiles.headful.enable = lib.mkEnableOption "headful profile" // { default = this.isHeadful; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules = { common.xdg.defaultApplications."org.telegram.desktop" = [ "x-scheme-handler/tg" ]; profiles.dev.enable = true; - alacritty.enable = mkDefault true; + alacritty.enable = true; aria2.enable = true; bat.enable = true; chromium.enable = true; - dwm.enable = mkDefault false; emacs.enable = true; eza.enable = true; firefox.enable = true; - foot.enable = mkDefault true; - kde.enable = mkDefault true; + foot.enable = true; + kde.enable = true; mpv.enable = true; nullmailer.enable = true; openssh.client.enable = true; @@ -38,8 +36,8 @@ in sound.enable = true; thunderbird.enable = true; vscode.enable = true; - wayland.enable = mkDefault true; - x11.enable = mkDefault true; + wayland.enable = true; + x11.enable = true; zathura.enable = true; }; 
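Review bot: In modules/profiles/headful.nix the `lib.mkDefault` wrappers were dropped from `alacritty`, `foot`, `kde`, `wayland` and `x11`, so these definitions now sit at normal priority. A host that sets, for example, `nixfiles.modules.kde.enable = false;` would get a conflicting-definition error instead of an override and would need `lib.mkForce`. Whether any host relies on overriding these is not visible here. If one does, keep `lib.mkDefault true` on the options meant to be overridable, or add a comment such as `# authoritative: hosts must use mkForce to opt out` above the list.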
@@ -57,6 +55,8 @@ in anki audacity ayugram-desktop + bitwarden-cli + bitwarden-desktop byedpi eaglemode easyeffects @@ -87,7 +87,7 @@ in }; boot = { - kernelPackages = mkDefault ( + kernelPackages = lib.mkDefault ( if config.boot.zfs.enabled then pkgs.linuxKernel.packages |> lib.filterAttrs ( @@ -175,8 +175,8 @@ in system.extraDependencies = let collectFlakeInputs = - input: [ input ] ++ concatMap collectFlakeInputs (attrValues (input.inputs or { })); + input: [ input ] ++ (lib.attrValues (input.inputs or { }) |> lib.concatMap collectFlakeInputs); in - concatMap collectFlakeInputs (attrValues inputs); + lib.concatMap collectFlakeInputs (lib.attrValues inputs); }; } diff --git a/modules/prometheus.nix b/modules/prometheus.nix index 673f288..031b0b2 100644 --- a/modules/prometheus.nix +++ b/modules/prometheus.nix 
@@ -6,59 +6,56 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.prometheus; in { options.nixfiles.modules.prometheus = { - enable = mkEnableOption "Prometheus"; + enable = lib.mkEnableOption "Prometheus"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30111; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "prometheus.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { - nixfiles.modules.nginx = with cfg; { + config = lib.mkIf cfg.enable { + nixfiles.modules.nginx = { enable = true; upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = { }; - virtualHosts.${domain} = { + virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://prometheus"; extraConfig = libNginx.config.internalOnly; }; }; - services.prometheus = with cfg; { + services.prometheus = { enable = true; enableReload = true; listenAddress = "127.0.0.1"; - inherit port; + inherit (cfg) port; extraFlags = [ - "--web.external-url=https://${domain}" + "--web.external-url=https://${cfg.domain}" "--storage.tsdb.retention.size=50GB" "--storage.tsdb.retention.time=1y" "--storage.tsdb.wal-compression" ]; }; - topology = with cfg; { - nodes.${this.hostname}.services.prometheus = { - name = "Prometheus"; - icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; - info = domain; - details.listen.text = "127.0.0.1:${toString port}"; - }; + topology.nodes.${this.hostname}.services.prometheus = { + name = "Prometheus"; + icon = "${inputs.homelab-svg-assets}/assets/prometheus.svg"; + info = cfg.domain; + details.listen.text = "127.0.0.1:${toString cfg.port}"; }; }; } diff --git a/modules/promtail.nix b/modules/promtail.nix index 65d88d4..cf4eb3b 100644 --- a/modules/promtail.nix +++ b/modules/promtail.nix 
@@ -4,34 +4,33 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.promtail; in { options.nixfiles.modules.promtail = { - enable = mkEnableOption "Promtail"; + enable = lib.mkEnableOption "Promtail"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 30181; }; - loki.url = mkOption { + loki.url = lib.mkOption { description = "Address of a listening Loki service."; - type = with types; str; + type = lib.types.str; default = "https://${config.nixfiles.modules.loki.domain}"; }; - filters = mkOption { + filters = lib.mkOption { description = ''Filters to use with "scrape_config.pipeline_stages".''; - type = with types; listOf attrs; + type = with lib.types; listOf attrs; default = [ ]; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.promtail = { enable = true; @@ -70,11 +69,12 @@ in ( n: let - label = toLower n; + label = lib.toLower n; in { source_labels = [ "__journal_${label}" ]; - target_label = if hasPrefix "_" label then substring 1 (stringLength label - 1) label else label; + target_label = + if lib.hasPrefix "_" label then lib.substring 1 (lib.stringLength label - 1) label else label; } ) [ diff --git a/modules/psd.nix b/modules/psd.nix index 5bb9dc3..17fa04e 100644 --- a/modules/psd.nix +++ b/modules/psd.nix @@ -4,16 +4,15 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.psd; in { - options.nixfiles.modules.psd.enable = mkEnableOption "Profile Sync Daemon"; + options.nixfiles.modules.psd.enable = lib.mkEnableOption "Profile Sync Daemon"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { - home.packages = with pkgs; [ profile-sync-daemon ]; + home.packages = [ pkgs.profile-sync-daemon ]; xdg.configFile."psd/psd.conf".text = '' USE_OVERLAYFS="yes" 
@@ -24,7 +23,7 @@ in systemd.user = { services = let - exe = getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; + exe = lib.getExe' pkgs.profile-sync-daemon "profile-sync-daemon"; in { psd = { diff --git a/modules/qutebrowser.nix b/modules/qutebrowser.nix index 6ba7c07..7ebc006 100644 --- a/modules/qutebrowser.nix +++ b/modules/qutebrowser.nix @@ -4,24 +4,23 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.qutebrowser; in { - options.nixfiles.modules.qutebrowser.enable = mkEnableOption "Qutebrowser"; + options.nixfiles.modules.qutebrowser.enable = lib.mkEnableOption "Qutebrowser"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.mpv.enable = true; hm = { - programs.qutebrowser = with config.nixfiles.modules; { + programs.qutebrowser = { enable = true; - keyBindings.normal = mkIf mpv.enable { + keyBindings.normal = lib.mkIf config.nixfiles.modules.mpv.enable { "z" = let - mpv = getExe config.hm.programs.mpv.package; + mpv = lib.getExe config.hm.programs.mpv.package; in "hint links spawn --detach ${mpv} {hint-url}"; }; @@ -169,9 +168,14 @@ in }; editor.command = [ - (if alacritty.enable then getExe pkgs.alacritty else getExe pkgs.xterm) + ( + if config.nixfiles.modules.alacritty.enable then + lib.getExe pkgs.alacritty + else + lib.getExe pkgs.xterm + ) "-e" - (getExe' config.programs.vim.package "vim") + (lib.getExe' config.programs.vim.package "vim") "-f" "{}" ]; @@ -245,11 +249,6 @@ in hide_decoration = false; title_format = "{perc}{current_title}{title_sep}qutebrowser"; }; - - qt = mkIf kde.enable { - force_platform = null; - force_platformtheme = "KDE"; - }; }; extraConfig = @@ -296,7 +295,7 @@ in } ]; in - concatLines final + "\n" + lib.concatLines final + "\n" ) + ( let 
@@ -306,7 +305,7 @@ in (allowSetting "desktop_capture" url) (allowSetting "media.audio_video_capture" url) ]; - allowedMediaCapture = flatten ( + allowedMediaCapture = lib.flatten ( map allowMediaCaptureSetting [ "https://discord.com" "https://web.telegram.org" @@ -321,7 +320,7 @@ in final = allowedMediaCapture ++ allowedNotifications; in - concatLines final + "\n" + lib.concatLines final + "\n" ); }; diff --git a/modules/radicale.nix b/modules/radicale.nix index 59fb4a2..0f83c7f 100644 --- a/modules/radicale.nix +++ b/modules/radicale.nix @@ -5,17 +5,16 @@ libNginx, ... }: -with lib; let cfg = config.nixfiles.modules.radicale; in { options.nixfiles.modules.radicale = { - enable = mkEnableOption "Radicale"; + enable = lib.mkEnableOption "Radicale"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "radicale.${config.networking.domain}"; }; }; @@ -24,7 +23,7 @@ in let port = 5232; in - mkIf cfg.enable { + lib.mkIf cfg.enable { ark.directories = [ "/var/lib/radicale" ]; secrets.radicale-htpasswd = { diff --git a/modules/redis.nix b/modules/redis.nix index e2151c7..2b68529 100644 --- a/modules/redis.nix +++ b/modules/redis.nix @@ -4,14 +4,13 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.redis; in { - options.nixfiles.modules.redis.enable = mkEnableOption "Redis"; + options.nixfiles.modules.redis.enable = lib.mkEnableOption "Redis"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ "/var/lib/redis-default" ]; services = { @@ -27,8 +26,8 @@ in prometheus.exporters = { redis = { enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9121; + listenAddress = lib.mkDefault this.wireguard.ipv4.address; + port = lib.mkDefault 9121; extraFlags = with config.services.redis.servers.default; [ "--redis.addr=redis://${bind}:${toString port}" "--redis.user=${user}" 
diff --git a/modules/rss-bridge.nix b/modules/rss-bridge.nix index c890872..11b0970 100644 --- a/modules/rss-bridge.nix +++ b/modules/rss-bridge.nix @@ -4,22 +4,21 @@ libNginx, ... }: -with lib; let cfg = config.nixfiles.modules.rss-bridge; in { options.nixfiles.modules.rss-bridge = { - enable = mkEnableOption "RSS-Bridge"; + enable = lib.mkEnableOption "RSS-Bridge"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "rss-bridge.${config.networking.domain}"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { ark.directories = [ config.services.rss-bridge.dataDir ]; nixfiles.modules.nginx = { diff --git a/modules/searx.nix b/modules/searx.nix index 1b1e6d5..d4e7e30 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -14,7 +14,7 @@ in port = lib.mkOption { description = "Port."; - type = with lib.types; port; + type = lib.types.port; default = 61001; }; @@ -48,7 +48,7 @@ in settings = { general = { instance_name = cfg.domain; - contact_url = "mailto:searx@${config.networking.domain}"; + contact_url = "mailto:webmaster@${config.networking.domain}"; git_url = false; git_branch = false; docs_url = false; diff --git a/modules/shadowsocks.nix b/modules/shadowsocks.nix index 5f847be..a6f5948 100644 --- a/modules/shadowsocks.nix +++ b/modules/shadowsocks.nix @@ -6,22 +6,21 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.shadowsocks; in { options.nixfiles.modules.shadowsocks = { - enable = mkEnableOption "Shadowsocks"; + enable = lib.mkEnableOption "Shadowsocks"; - port = mkOption { - type = with types; port; + port = lib.mkOption { + type = lib.types.port; default = 8388; description = "Port."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { secrets.shadowsocks-json.file = "${inputs.self}/secrets/shadowsocks-json"; services.fail2ban.jails.shadowsocks = { 
@@ -45,7 +44,7 @@ in mergeJson = let configFile = pkgs.writeText "config.json" ( - generators.toJSON { } { + lib.generators.toJSON { } { server = "::"; server_port = cfg.port; # Can't really use AEAD-2022[1] just yet because it's not @@ -86,7 +85,7 @@ in ); in pkgs.writeShellScript "meregeJson" '' - ${getExe pkgs.jq} \ + ${lib.getExe pkgs.jq} \ -s '.[0] * .[1]' \ ${configFile} \ $CREDENTIALS_DIRECTORY/secret.json \ @@ -98,7 +97,7 @@ in }; }; - environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { + environment.etc = lib.mkIf config.nixfiles.modules.fail2ban.enable { "fail2ban/filter.d/shadowsocks.conf".text = '' [Definition] failregex = ^.*tcp handshake failed.*\[::ffff:<ADDR>\].*$ 
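Review bot: In modules/shadowsocks.nix (hunk `@@ -98,7 +97,7 @@`) the fail2ban `failregex` only matches peers logged as `[::ffff:<ADDR>]`, while the generated server config in the same file binds `server = "::"`. Assuming native IPv6 peers are logged without the IPv4-mapped prefix, their failed handshakes never match and the jail never bans them. Making the prefix optional would cover both forms: `failregex = ^.*tcp handshake failed.*\[(?:::ffff:)?<ADDR>\].*$`. The rest of the filter body lies outside the hunk, so confirm against the actual log format before changing it.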
@@ -111,34 +110,32 @@ in # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks boot.kernel.sysctl = { - "net.core.rmem_max" = mkOverride 100 (pow 2 26); - "net.core.wmem_max" = mkOverride 100 (pow 2 26); - "net.core.netdev_max_backlog" = pow 2 18; - "net.core.somaxconn" = pow 2 12; + "net.core.rmem_max" = lib.pow 2 26 |> lib.mkOverride 100; + "net.core.wmem_max" = lib.pow 2 26 |> lib.mkOverride 100; + "net.core.netdev_max_backlog" = lib.pow 2 18; + "net.core.somaxconn" = lib.pow 2 12; "net.ipv4.tcp_syncookies" = 1; - "net.ipv4.tcp_tw_reuse" = mkOverride 100 1; - "net.ipv4.tcp_tw_recycle" = mkOverride 100 0; - "net.ipv4.tcp_fin_timeout" = mkOverride 100 30; + "net.ipv4.tcp_tw_reuse" = lib.mkOverride 100 1; + "net.ipv4.tcp_tw_recycle" = lib.mkOverride 100 0; + "net.ipv4.tcp_fin_timeout" = lib.mkOverride 100 30; "net.ipv4.tcp_keepalive_time" = 60 * 20; "net.ipv4.ip_local_port_range" = "10000 65000"; - "net.ipv4.tcp_max_syn_backlog" = pow 2 13; - "net.ipv4.tcp_max_tw_buckets" = pow 2 12; - "net.ipv4.tcp_fastopen" = mkOverride 100 3; - "net.ipv4.tcp_mem" = mkOverride 100 (mkTcpMem 15 16 17); - "net.ipv4.tcp_rmem" = mkOverride 100 (mkTcpMem 12 16 26); - "net.ipv4.tcp_wmem" = mkOverride 100 (mkTcpMem 12 16 26); - "net.ipv4.tcp_mtu_probing" = mkOverride 100 1; + "net.ipv4.tcp_max_syn_backlog" = lib.pow 2 13; + "net.ipv4.tcp_max_tw_buckets" = lib.pow 2 12; + "net.ipv4.tcp_fastopen" = lib.mkOverride 100 3; + "net.ipv4.tcp_mem" = lib.mkTcpMem 15 16 17 |> lib.mkOverride 100; + "net.ipv4.tcp_rmem" = lib.mkTcpMem 12 16 26 |> lib.mkOverride 100; + "net.ipv4.tcp_wmem" = lib.mkTcpMem 12 16 26 |> lib.mkOverride 100; + "net.ipv4.tcp_mtu_probing" = lib.mkOverride 100 1; }; - topology = with cfg; { - nodes.${this.hostname}.services.shadowsocks = { - name = "Shadowsocks"; - icon = pkgs.fetchurl { - url = "https://upload.wikimedia.org/wikipedia/commons/f/f5/Shadowsocks-Logo.svg"; - hash = "sha256-NzGt0WQA4NQpMPsOTWgBrghuewxQeDoSe46oTm0f+BY="; - }; - details.listen.text 
= ":::${toString port}"; + topology.nodes.${this.hostname}.services.shadowsocks = { + name = "Shadowsocks"; + icon = pkgs.fetchurl { + url = "https://upload.wikimedia.org/wikipedia/commons/f/f5/Shadowsocks-Logo.svg"; + hash = "sha256-NzGt0WQA4NQpMPsOTWgBrghuewxQeDoSe46oTm0f+BY="; }; + details.listen.text = ":::${toString cfg.port}"; }; }; } diff --git a/modules/sing-box.nix b/modules/sing-box.nix index 9fc86eb..74c86af 100644 --- a/modules/sing-box.nix +++ b/modules/sing-box.nix @@ -4,16 +4,15 @@ lib, ... }: -with lib; let cfg = config.nixfiles.modules.sing-box; in { options.nixfiles.modules.sing-box = { - enable = mkEnableOption ""; + enable = lib.mkEnableOption ""; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { assertion = cfg.enable -> !config.nixfiles.modules.nginx.enable; diff --git a/modules/soju.nix b/modules/soju.nix index dbf069d..f84d9c0 100644 --- a/modules/soju.nix +++ b/modules/soju.nix 
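Review bot: In the sysctl block of modules/shadowsocks.nix, `"net.ipv4.tcp_tw_recycle" = lib.mkOverride 100 0;` sets a key that was removed from the kernel in Linux 4.12. On current kernels the entry cannot be applied and at best produces a warning when sysctl settings are loaded. Dropping that line keeps the list limited to settings that take effect. The block begins before this hunk's changed lines, and the `mkOverride 100` entries carry no explanation; a comment such as `# mkOverride 100: win over the mkDefault values from other modules` would document the intent.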
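Review bot: In modules/sing-box.nix the option is declared as `enable = lib.mkEnableOption "";`, so the generated description has no subject and the option docs do not say what is being enabled. Suggest `enable = lib.mkEnableOption "sing-box";`. The assertion visible in the same hunk makes this module mutually exclusive with nginx, and its `message` lies outside the hunk; it is worth checking that the message states the reason for the conflict.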
@@ -4,46 +4,45 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.soju; in { options.nixfiles.modules.soju = { - enable = mkEnableOption "soju"; + enable = lib.mkEnableOption "soju"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 6697; }; - httpPort = mkOption { + httpPort = lib.mkOption { description = "HTTP Port."; - type = with types; port; + type = lib.types.port; default = 9981; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain."; - type = with types; str; + type = lib.types.str; default = config.networking.fqdn; }; - uploadsDir = mkOption { + uploadsDir = lib.mkOption { description = "Uploads directory."; - type = with types; str; + type = lib.types.str; default = "/srv/soju/uploads"; }; prometheus = { - enable = mkEnableOption "Prometheus exporter" // { + enable = lib.mkEnableOption "Prometheus exporter" // { default = true; }; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 9259; }; }; @@ -53,7 +52,7 @@ in let db = "soju"; in - mkIf cfg.enable { + lib.mkIf cfg.enable { nixfiles.modules = { acme.enable = true; nginx = { @@ -118,9 +117,9 @@ in listen ircs://:${toString cfg.port} listen http://localhost:${toString cfg.httpPort} tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} - ${with cfg.prometheus; optionalString enable "listen http+prometheus://localhost:${toString port}"} + ${lib.optionalString cfg.prometheus.enable "listen http+prometheus://localhost:${toString cfg.prometheus.port}"} db postgres "${ - concatStringsSep " " [ + lib.concatStringsSep " " [ "host=/run/postgresql" "user=${db}" "dbname=${db}" diff --git a/modules/solaar.nix b/modules/solaar.nix deleted file mode 100644 index 17a04de..0000000 --- a/modules/solaar.nix +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.solaar; -in -{ - options.nixfiles.modules.solaar = { - enable = mkEnableOption "Solaar"; - }; - - config = mkIf cfg.enable { - hm = { - home.packages = with pkgs; [ solaar ]; - - systemd.user.services.solaar = { - Unit = { - Description = "Device manager for Logitech devices"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; - }; - Service = { - # The dirtiest hack I've ever implemented... I should be ashamed of - # it. Regardless, that shit still doesn't work because each reconnect, - # /dev/hidraw* is recreated and has default permissions which breaks - # Solaar. Fuck this shit. - ExecStartPre = getExe ( - pkgs.writeShellApplication { - name = "solaar-pre"; - text = '' - for i in /dev/hidraw*; do - if [ -c "$i" ]; then - sudo chown root:input "$i" - sudo chmod 0660 "$i" - fi - done - ''; - } - ); - ExecStart = "${getExe pkgs.solaar "solaar"} --window=hide"; - }; - Install.WantedBy = [ "graphical-session.target" ]; - }; - }; - - boot.kernelModules = [ - "hid_logitech_dj" - "hid_logitech_hidpp" - ]; - - hardware.uinput.enable = true; - - my.extraGroups = [ - "uinput" - "input" - ]; - }; -} diff --git a/modules/sound.nix b/modules/sound.nix index 49ca5bc..db15686 100644 --- a/modules/sound.nix +++ b/modules/sound.nix @@ -4,15 +4,14 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.sound; in { - options.nixfiles.modules.sound.enable = mkEnableOption "sound support"; + options.nixfiles.modules.sound.enable = lib.mkEnableOption "sound support"; config = - mkIf cfg.enable { + lib.mkIf cfg.enable { services.pipewire = { enable = true; diff --git a/modules/subversion.nix b/modules/subversion.nix deleted file mode 100644 index 64ddcf3..0000000 --- a/modules/subversion.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.subversion; -in -{ - options.nixfiles.modules.subversion.enable = mkEnableOption "Subversion"; - - config = mkIf cfg.enable { - nixfiles.modules.gnupg.enable = true; - - hm.home = { - file = { - ".subversion/config".text = generators.toINI { } { - auth = { - password-stores = "gpg-agent"; - ssl-client-cert-file-prompt = "no"; - store-passwords = "yes"; - store-auth-creds = "yes"; - }; - helpers = { - editor-cmd = getExe' config.programs.vim.package "vim"; - diff-cmd = getExe pkgs.colordiff; - }; - miscellany = { - global-ignores = - with config.hm.programs.git; - optionalString (ignores != [ ]) (concatStringsSep " " ignores); - diff-ignore-content-type = "no"; - }; - working-copy = { - exclusive-locking-clients = "svn"; - exclusive-locking = true; - busy-timeout = 10000; - }; - }; - - ".subversion/servers".text = generators.toINI { } { - global = { - store-auth-creds = "yes"; - store-passwords = "yes"; - store-plaintext-passwords = "yes"; - }; - }; - }; - - packages = [ (pkgs.subversionClient.override { saslSupport = true; }) ]; - }; - }; -} diff --git a/modules/syncthing.nix b/modules/syncthing.nix index d239aa4..af5754b 100644 --- a/modules/syncthing.nix +++ b/modules/syncthing.nix 
@@ -6,156 +6,157 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.syncthing; in { options.nixfiles.modules.syncthing = { - enable = mkEnableOption "Syncthing"; + enable = lib.mkEnableOption "Syncthing"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 8384; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "syncthing.${config.networking.fqdn}"; }; }; - config = mkIf cfg.enable (mkMerge [ - { - secrets = { - "syncthing-cert-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; - owner = user; - inherit group; - }; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + secrets = { + "syncthing-cert-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; + owner = user; + inherit group; + }; - "syncthing-key-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; - owner = user; - inherit group; + "syncthing-key-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; + owner = user; + inherit group; + }; }; - }; - services.syncthing = { - enable = true; + services.syncthing = { + enable = true; - user = my.username; - inherit (config.my) group; + user = lib.my.username; + inherit (config.my) group; - dataDir = "${config.dirs.config}/syncthing"; - configDir = config.services.syncthing.dataDir; + dataDir = "${config.dirs.config}/syncthing"; + configDir = config.services.syncthing.dataDir; - guiAddress = "127.0.0.1:${toString cfg.port}"; + guiAddress = "127.0.0.1:${toString cfg.port}"; - cert = config.secrets."syncthing-cert-${this.hostname}".path; - key = config.secrets."syncthing-key-${this.hostname}".path; + cert 
= config.secrets."syncthing-cert-${this.hostname}".path; + key = config.secrets."syncthing-key-${this.hostname}".path; - overrideDevices = false; - overrideFolders = false; + overrideDevices = false; + overrideFolders = false; - settings = { - options = { - announceLANAddresses = false; - autoUpgradeIntervalH = 0; - crashReportingEnabled = false; - globalAnnounceEnabled = false; - relaysEnabled = false; - setLowPriority = this.isHeadful; - stunKeepaliveStartS = 0; - urAccepted = -1; - }; + settings = { + options = { + announceLANAddresses = false; + autoUpgradeIntervalH = 0; + crashReportingEnabled = false; + globalAnnounceEnabled = false; + relaysEnabled = false; + setLowPriority = this.isHeadful; + stunKeepaliveStartS = 0; + urAccepted = -1; + }; - gui = { - insecureAdminAccess = this.isHeadless; - insecureSkipHostcheck = this.isHeadless; - }; + gui = { + insecureAdminAccess = this.isHeadless; + insecureSkipHostcheck = this.isHeadless; + }; - devices = mapAttrs ( - name: attr: - mkIf (hasAttr "syncthing" attr && hasAttr "wireguard" attr) { - inherit (attr.syncthing) id; - compression = "always"; - introducer = false; - addresses = [ - "quic://${name}.${config.networking.domain}:22000" - "tcp://${name}.${config.networking.domain}:22000" - ]; - autoAcceptFolders = true; - untrusted = false; - } - ) my.configurations; - - folders = - let - filterDevices = - f: - attrNames ( - filterAttrs ( - _: attr: attr.hostname != this.hostname && hasAttr "syncthing" attr && f attr - ) my.configurations - ); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanouctDays = "7"; - }; - in - with config.hm.xdg.userDirs; - { - share = { - path = publicShare; - devices = notHeadless; - versioning = trashcan; + devices = lib.mapAttrs ( + name: attr: + lib.mkIf (lib.hasAttr "syncthing" attr && 
lib.hasAttr "wireguard" attr) { + inherit (attr.syncthing) id; + compression = "always"; + introducer = false; + addresses = [ + "quic://${name}.${config.networking.domain}:22000" + "tcp://${name}.${config.networking.domain}:22000" + ]; + autoAcceptFolders = true; + untrusted = false; + } + ) lib.my.configurations; + + folders = + let + filterDevices = + f: + lib.attrNames ( + lib.filterAttrs ( + _: attr: attr.hostname != this.hostname && lib.hasAttr "syncthing" attr && f attr + ) lib.my.configurations + ); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; + }; + trashcan = { + type = "trashcan"; + params.cleanouctDays = "7"; + }; + in + with config.hm.xdg.userDirs; + { + share = { + path = publicShare; + devices = notHeadless; + versioning = trashcan; + }; + org = { + path = "${documents}/org"; + devices = all; + versioning = simple; + }; + roam = { + path = "${documents}/roam"; + devices = notOther; + versioning = simple; + }; + elfeed = { + path = "${config.my.home}/.elfeed"; + devices = notOther; + versioning = trashcan; + }; + books = { + path = "${documents}/books"; + devices = notOther; + versioning = trashcan; + }; }; - org = { - path = "${documents}/org"; - devices = all; - versioning = simple; - }; - roam = { - path = "${documents}/roam"; - devices = notOther; - versioning = simple; - }; - elfeed = { - path = "${config.my.home}/.elfeed"; - devices = notOther; - versioning = trashcan; - }; - books = { - path = "${documents}/books"; - devices = notOther; - versioning = trashcan; - }; - }; + }; }; - }; - - systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://syncthing"; - extraConfig = 
libNginx.config.internalOnly; + + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; + } + (lib.mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://syncthing"; + extraConfig = libNginx.config.internalOnly; + }; }; - }; - }) - ]); + }) + ] + ); } diff --git a/modules/thunderbird.nix b/modules/thunderbird.nix index 74af3b5..18bb1ed 100644 --- a/modules/thunderbird.nix +++ b/modules/thunderbird.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.thunderbird; in { - options.nixfiles.modules.thunderbird.enable = mkEnableOption "Thunderbird"; + options.nixfiles.modules.thunderbird.enable = lib.mkEnableOption "Thunderbird"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications.thunderbird = [ "message/rfc822" "x-scheme-handler/mailto" diff --git a/modules/tmux.nix b/modules/tmux.nix index a754222..4818035 100644 --- a/modules/tmux.nix +++ b/modules/tmux.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.tmux; in { - options.nixfiles.modules.tmux.enable = mkEnableOption "tmux"; + options.nixfiles.modules.tmux.enable = lib.mkEnableOption "tmux"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.programs.tmux = { enable = true; diff --git a/modules/unbound-ng.nix b/modules/unbound-ng.nix deleted file mode 100644 index 583d22a..0000000 --- a/modules/unbound-ng.nix +++ /dev/null 
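Review bot: In modules/syncthing.nix the trashcan versioning block sets `params.cleanouctDays = "7";`, which looks like a misspelling of Syncthing's `cleanoutDays`. As written the key is presumably ignored, so trashed versions fall back to the default retention instead of seven days; the line should read `params.cleanoutDays = "7";`. In the same hunk, `insecureAdminAccess` and `insecureSkipHostcheck` are both enabled on headless hosts. The GUI/API on `127.0.0.1` then has no authentication or Host-header check of its own, and access control rests entirely on `libNginx.config.internalOnly` plus local-process trust. A comment stating that dependency next to the `gui` block would help anyone who later changes the nginx side.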
@@ -1,185 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.unbound-ng; -in -{ - options.nixfiles.modules.unbound-ng = { - enable = mkEnableOption "Unbound"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = config.networking.domain; - }; - }; - - config = mkIf cfg.enable { - ark.directories = [ config.services.unbound.stateDir ]; - - nixfiles.modules.redis.enable = true; - - services = { - unbound = { - enable = true; - - package = pkgs.unbound-with-systemd.override { - withRedis = true; - withTFO = true; - }; - - checkconf = true; - settings = { - server = { - module-config = ''"respip validator iterator"''; - - interface = with this.wireguard-ng; [ - "127.0.0.1" - "::1" - ipv4.address - ipv6.address - ]; - - local-zone = concatLists ( - mapAttrsToList (h: _: [ "\"${h}.${cfg.domain}\" redirect" ]) my.configurations - ); - local-data = concatLists ( - mapAttrsToList ( - hostname: - let - domain = "${hostname}.${cfg.domain}"; - in - attr: - (optionals (hasAttr "wireguard-ng" attr) ( - with attr.wireguard-ng; - [ - "\"${domain} 604800 IN A ${ipv4.address}\"" - "\"${domain} 604800 IN AAAA ${ipv6.address}\"" - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. AAAA ${ipv6.address}\"" - ] - ++ (optionals (hasAttr "domains" attr) ( - concatMap (domain: [ - "\"${domain}. A ${ipv4.address}\"" - "\"${domain}. 
AAAA ${ipv6.address}\"" - ]) attr.domains - )) - )) - ) my.configurations - ); - local-data-ptr = concatLists ( - mapAttrsToList ( - hostname: - let - domain = "${hostname}.${cfg.domain}"; - in - attr: - (optionals (hasAttr "wireguard-ng" attr) ( - with attr.wireguard-ng; - [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ] - ++ (optionals (hasAttr "domains" attr) ( - concatMap (domain: [ - "\"${ipv4.address} ${domain}\"" - "\"${ipv6.address} ${domain}\"" - ]) attr.domains - )) - )) - ) my.configurations - ); - - private-domain = map (domain: "${domain}.") [ - cfg.domain - "local" - ]; - private-address = with config.nixfiles.modules.wireguard-ng; [ - ipv4.subnet - ipv6.subnet - ]; - - access-control = with config.nixfiles.modules.wireguard-ng; [ - "0.0.0.0/0 refuse" - "::/0 refuse" - "127.0.0.0/8 allow" - "::1/128 allow" - "${ipv4.subnet} allow" - "${ipv6.subnet} allow" - ]; - - cache-min-ttl = 0; - - serve-expired = true; - serve-expired-reply-ttl = 0; - - prefetch = true; - prefetch-key = true; - - hide-identity = true; - hide-version = true; - - extended-statistics = true; - - log-replies = false; - log-tag-queryreply = false; - log-local-actions = false; - - verbosity = 0; - }; - - forward-zone = [ - { - name = "."; - forward-tls-upstream = true; - forward-addr = dns.mkDoT dns.const.quad9.ecs; - } - ]; - - cachedb = with config.services.redis.servers.default; { - backend = "redis"; - redis-server-host = bind; - redis-server-port = port; - }; - - rpz = { - name = "hagezi.pro"; - zonefile = "hagezi.pro"; - url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"; - }; - }; - - enableRootTrustAnchor = true; - - localControlSocketPath = "/run/unbound/unbound.sock"; - }; - - prometheus.exporters.unbound = { - enable = true; - listenAddress = mkDefault this.wireguard-ng.ipv4.address; - port = 9167; - inherit (config.services.unbound) group user; - unbound.host = "unix://${config.services.unbound.localControlSocketPath}"; - 
}; - }; - - boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3; - - topology = with cfg; { - nodes.${this.hostname}.services.unbound = { - name = "Unbound"; - icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; - details.listen.text = concatMapStringsSep "\n" (i: "${i}:53") ( - filter (i: i != "127.0.0.1" && i != "::1") config.services.unbound.settings.server.interface - ); - }; - }; - }; -} diff --git a/modules/unbound.nix b/modules/unbound.nix index 7156409..c38c25b 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -49,7 +49,7 @@ in local-zone = lib.my.configurations - |> lib.mapAttrsToList (x: _: [ "\"${x}.${cfg.domain}\" redirect" ]) + |> lib.mapAttrsToList (x: _: [ ''"${x}.${cfg.domain}" redirect'' ]) |> lib.concatLists; local-data = lib.concatLists ( lib.mapAttrsToList ( @@ -166,9 +166,9 @@ in rpz = [ { - name = "hagezi-pro"; - zonefile = "hagezi-pro"; - url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"; + name = "hagezi-ultimate"; + zonefile = "hagezi-ultimate"; + url = "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/ultimate.txt"; } { name = "big-osid"; @@ -221,16 +221,14 @@ in boot.kernel.sysctl."net.ipv4.tcp_fastopen" = lib.mkOverride 200 3; - topology = { - nodes.${this.hostname}.services.unbound = { - name = "Unbound"; - icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; - details.listen.text = - config.services.unbound.settings.server.interface - |> lib.filter (x: x != "127.0.0.1" && x != "::1") - |> map (x: "${x}:53") - |> lib.concatLines; - }; + topology.nodes.${this.hostname}.services.unbound = { + name = "Unbound"; + icon = "${inputs.homelab-svg-assets}/assets/unbound.svg"; + details.listen.text = + config.services.unbound.settings.server.interface + |> lib.filter (x: x != "127.0.0.1" && x != "::1") + |> map (x: "${x}:53") + |> lib.concatLines; }; }; } diff --git a/modules/victoriametrics.nix b/modules/victoriametrics.nix deleted file mode 100644 index ac4ac58..0000000 
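Review bot: The new `hagezi-ultimate` entry in the `rpz` list (hunk `@@ -166,9 +166,9 @@` of modules/unbound.nix) loads a response-policy zone from the mutable `main` branch of a third-party repository, and the entry sets only `name`, `zonefile` and `url`. A response-policy zone can rewrite answers as well as block them, so whoever can change that file decides what this resolver returns for every name it lists. Adding `rpz-action-override = "nxdomain";` to the entry would limit the zone to blocking, and `rpz-log = true;` would make its hits visible in the logs. Pinning the list to a commit, or fetching it as a hashed input at build time, would remove the dependence on the branch head. The `big-osid` entry that follows continues outside the hunk and may deserve the same check.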
--- a/modules/victoriametrics.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - config, - lib, - libNginx, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.victoriametrics; -in -{ - options.nixfiles.modules.victoriametrics = { - enable = mkEnableOption "VictoriaMetrics"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 30113; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "victoriametrics.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = with cfg; { - enable = true; - upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = { }; - virtualHosts.${domain} = { - locations."/".proxyPass = "http://victoriametrics"; - extraConfig = libNginx.config.internalOnly; - }; - }; - - services.victoriametrics = { - enable = true; - - listenAddress = "127.0.0.1:${toString cfg.port}"; - - extraOptions = [ - "-loggerLevel=WARN" - # TODO scrape_config - ]; - }; - }; -} diff --git a/modules/vim.nix b/modules/vim.nix index f1dba85..6273957 100644 --- a/modules/vim.nix +++ b/modules/vim.nix @@ -5,23 +5,22 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.vim; in { - options.nixfiles.modules.vim.enable = mkEnableOption "Vim"; + options.nixfiles.modules.vim.enable = lib.mkEnableOption "Vim"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm.stylix.targets.vim.enable = false; programs.vim = { enable = true; defaultEditor = true; - package = mkIf this.isHeadful ( + package = lib.mkIf this.isHeadful ( pkgs.vim-full.customize { name = "vim"; - vimrcConfig = with cfg; { + vimrcConfig = { customRC = '' let $VIMFILES = expand('<sfile>:p:h') @@ -193,6 +192,7 @@ in command WS w !sudo tee "%" >/dev/null ''; + packages.myVimPackage.start = with pkgs.vimPlugins; [ editorconfig-vim vim-eunuch diff --git a/modules/vscode.nix b/modules/vscode.nix index 3b0c3e1..0eebdda 100644 --- a/modules/vscode.nix 
+++ b/modules/vscode.nix @@ -5,34 +5,34 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.vscode; in { options.nixfiles.modules.vscode = { - enable = mkEnableOption "VSCode"; + enable = lib.mkEnableOption "VSCode"; - package = - with pkgs; - mkOption { - type = types.enum [ + package = lib.mkOption { + type = lib.types.enum ( + with pkgs; + [ vscodium vscode vscode-fhs - ]; - default = vscodium; - description = "Which package to use as a VSCode implementation."; - }; + ] + ); + default = pkgs.vscodium; + description = "Which package to use as a VSCode implementation."; + }; - vim.enable = mkOption { - type = types.bool; + vim.enable = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to enable Vim emulation."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { stylix.targets.vscode.enable = false; @@ -77,7 +77,7 @@ in task.vscode-task vscode-org-mode.org-mode ] - ++ optional cfg.vim.enable vscodevim.vim; + ++ lib.optional cfg.vim.enable vscodevim.vim; userSettings = { # Something tries to write this every startup. I can't be arsed to @@ -153,20 +153,18 @@ in useFullyQualifiedCollectionNames = true; reuseTerminal = true; }; - validation.lint.path = getExe' pkgs.ansible-lint "ansible-lint"; + validation.lint.path = lib.getExe' pkgs.ansible-lint "ansible-lint"; }; - bashIde.shellcheckPath = getExe' pkgs.shellcheck "shellcheck"; + bashIde.shellcheckPath = lib.getExe' pkgs.shellcheck "shellcheck"; cSpell.language = "en-GB,en,ru"; - direnv = { - restart.automatic = true; - }; + direnv.restart.automatic = true; magit = { forge-enabled = true; - git-path = getExe config.hm.programs.git.package; + git-path = lib.getExe config.hm.programs.git.package; }; git.openRepositoryInParentFolders = "always"; 
@@ -176,55 +174,55 @@ in gitProtocol = "ssh"; }; - terraform = { - languageServer.path = getExe' pkgs.terraform-ls "terraform-ls"; - languageServer.terraform.path = getExe pkgs.opentofu; - }; + # terraform = { + # languageServer.path = lib.getExe' pkgs.terraform-ls "terraform-ls"; + # languageServer.terraform.path = lib.getExe pkgs.opentofu; + # }; - haskell = { - formattingProvider = "ormolu"; - serverExecutablePath = getExe' pkgs.haskell-language-server "haskell-language-server"; - }; + # haskell = { + # formattingProvider = "ormolu"; + # serverExecutablePath = lib.getExe' pkgs.haskell-language-server "haskell-language-server"; + # }; nix = { - formatterPath = getExe pkgs.nixfmt; + formatterPath = lib.getExe pkgs.nixfmt; enableLanguageServer = true; - serverPath = getExe pkgs.nixd; - serverSettings.nixd.formatting.command = getExe pkgs.nixfmt; - }; - - python = with pkgs.python311Packages; { - experiments.optOutFrom = [ "All" ]; - pipenvPath = getExe' pkgs.pipenv "pipenv"; - poetryPath = getExe' pkgs.poetry "poetry"; - formatting = { - provider = "black"; - autopep8Path = getExe' autopep8 "autopep8"; - blackPath = getExe' black "black"; - yapfPath = getExe' yapf "yapf"; - }; - linting = { - enabled = true; - banditPath = getExe' bandit "bandit"; - flake8Path = getExe' flake8 "flake8"; - mypyPath = getExe' mypy "mypy"; - pycodestylePath = getExe' pycodestyle "pycodestyle"; - pydocstylePath = getExe' pydocstyle "pydocstyle"; - pylamaPath = getExe' pylama "pylama"; - pylintPath = getExe' pylint "pylint"; - }; - testing = { - pytestPath = getExe' pytest "pytest"; - }; - }; - - rust-client = { - disableRustup = true; - rustupPath = getExe' pkgs.rustup "rustup"; - rustfmt_path = getExe pkgs.rustfmt; - }; - - vim = mkIf cfg.vim.enable { + serverPath = lib.getExe pkgs.nixd; + serverSettings.nixd.formatting.command = lib.getExe pkgs.nixfmt; + }; + + # python = with pkgs.python311Packages; { + # experiments.optOutFrom = [ "All" ]; + # pipenvPath = lib.getExe' pkgs.pipenv 
"pipenv"; + # poetryPath = lib.getExe' pkgs.poetry "poetry"; + # formatting = { + # provider = "black"; + # autopep8Path = lib.getExe' autopep8 "autopep8"; + # blackPath = lib.getExe' black "black"; + # yapfPath = lib.getExe' yapf "yapf"; + # }; + # linting = { + # enabled = true; + # banditPath = lib.getExe' bandit "bandit"; + # flake8Path = lib.getExe' flake8 "flake8"; + # mypyPath = lib.getExe' mypy "mypy"; + # pycodestylePath = lib.getExe' pycodestyle "pycodestyle"; + # pydocstylePath = lib.getExe' pydocstyle "pydocstyle"; + # pylamaPath = lib.getExe' pylama "pylama"; + # pylintPath = lib.getExe' pylint "pylint"; + # }; + # testing = { + # pytestPath = lib.getExe' pytest "pytest"; + # }; + # }; + + # rust-client = { + # disableRustup = true; + # rustupPath = lib.getExe' pkgs.rustup "rustup"; + # rustfmt_path = lib.getExe pkgs.rustfmt; + # }; + + vim = lib.mkIf cfg.vim.enable { easymotion = true; leader = " "; diff --git a/modules/wayland.nix b/modules/wayland.nix index f15f66e..8dcbfc8 100644 --- a/modules/wayland.nix +++ b/modules/wayland.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.wayland; in { - options.nixfiles.modules.wayland.enable = mkEnableOption "Wayland"; + options.nixfiles.modules.wayland.enable = lib.mkEnableOption "Wayland"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.foot.enable = true; hm.home = { diff --git a/modules/wget.nix b/modules/wget.nix index 0e8ee64..b1f28c2 100644 --- a/modules/wget.nix +++ b/modules/wget.nix @@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.wget; in { - options.nixfiles.modules.wget.enable = mkEnableOption "wget"; + options.nixfiles.modules.wget.enable = lib.mkEnableOption "wget"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { programs.bash.shellAliases.wget = "wget --hsts-file=/tmp/wget-hsts"; 
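Review bot: The `terraform`, `haskell`, `python` and `rust-client` settings in hunk `@@ -176,55 +174,55 @@` of modules/vscode.nix are commented out rather than removed, and nothing says why. Dead configuration of this size drifts from the rest of the module and leaves the next reader guessing whether it is meant to come back. Either delete the blocks, since the history keeps them, or head each one with a single line giving the reason, for example `# Disabled: <reason>; re-enable together with the matching extension.` The enclosing settings attribute set starts and ends outside the hunk.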
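Review bot: The context line `programs.bash.shellAliases.wget = "wget --hsts-file=/tmp/wget-hsts";` in modules/wget.nix keeps wget's HSTS database at a fixed name in a world-writable directory. On a host with more than one local account another user can create that path first, so the state wget uses to upgrade requests to HTTPS is then either unusable or not under this user's control; it is also lost whenever /tmp is cleared. A per-user location avoids both, for instance `"wget --hsts-file=${config.dirs.cache}/wget-hsts"`, assuming `config.dirs.cache` (used in modules/x11.nix) is available in this module. The `hm` attribute set continues outside the hunk.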
@@ -32,6 +31,6 @@ in ''; }; - environment.systemPackages = with pkgs; [ wget ]; + environment.systemPackages = [ pkgs.wget ]; }; } diff --git a/modules/wireguard-ng.nix b/modules/wireguard-ng.nix deleted file mode 100644 index 1d291c9..0000000 --- a/modules/wireguard-ng.nix +++ /dev/null 
@@ -1,231 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.wireguard-ng; - - DNSSetup = optionalString config.services.resolved.enable ( - let - resolvectl = "${config.systemd.package}/bin/resolvectl"; - in - '' - ${resolvectl} dns ${cfg.interface} ${cfg.server.ipv6.address} ${cfg.server.ipv4.address} - ${resolvectl} domain ${cfg.interface} local ${my.domain.shire} - ${resolvectl} dnssec ${cfg.interface} no - ${resolvectl} dnsovertls ${cfg.interface} no - '' - ); -in -{ - options.nixfiles.modules.wireguard-ng = { - client = { - enable = mkEnableOption "WireGuard client"; - - enableTrafficRouting = mkOption { - description = "Whether to enable traffic routing through the sever."; - type = with types; bool; - # default = !this.isHeadless; - default = false; - }; - }; - - server = { - enable = mkEnableOption "WireGuard server"; - - ipv4.address = mkOption { - description = "IPv4 address to bind to."; - type = with types; str; - default = my.configurations.tulkas.wireguard-ng.ipv4.address; - }; - - ipv6.address = mkOption { - description = "IPv4 address to bind to."; - type = with types; str; - default = my.configurations.tulkas.wireguard-ng.ipv6.address; - }; - - address = mkOption { - description = "Endpoint address to use"; - type = with types; str; - default = my.configurations.tulkas.ipv4.address; - }; - - port = mkOption { - description = "Endpoint port to use."; - type = with types; int; - default = 7070; - }; - - publicKey = mkOption { - description = "Server's public key."; - type = with types; str; - default = my.configurations.tulkas.wireguard.publicKey; - }; - - peers = mkOption { - description = "List of peers."; - type = with types; listOf attrs; - default = - mapAttrsToList - ( - _: attr: with attr; { - inherit (wireguard-ng) publicKey; - allowedIPs = with wireguard-ng; [ - "${ipv6.address}/128" - "${ipv4.address}/32" - ]; - } - ) - ( - filterAttrs ( - _: attr: attr.hostname != this.hostname 
&& hasAttr "wireguard-ng" attr - ) my.configurations - ); - }; - }; - - interface = mkOption { - description = "Name of the interface to use WireGuard with."; - type = with types; str; - default = "wg70"; - }; - - ipv4.subnet = mkOption { - description = "CIDR notation for the IPv4 subnet to use over WireGuard."; - type = with types; str; - default = "10.70.0.0/16"; - }; - - ipv6.subnet = mkOption { - description = "CIDR notation for the IPv6 subnet to use over WireGuard."; - type = with types; str; - default = "fd70::/16"; - }; - }; - - config = - { - assertions = [ - { - assertion = config.security.sudo.enable; - message = "Sudo is not enabled."; - } - { - assertion = any (x: x == "wheel") config.my.extraGroups; - message = ''User is not in the "wheel" group.''; - } - ]; - } - // mkMerge [ - (mkIf (cfg.client.enable || cfg.server.enable) { - secrets."wireguard-private-key-${this.hostname}".file = - "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; - - networking.firewall.trustedInterfaces = [ cfg.interface ]; - }) - (mkIf cfg.client.enable { - networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ - (with this.wireguard-ng; { - privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - address = [ - "${ipv4.address}/16" - "${ipv6.address}/16" - ]; - }) - (with cfg.server; { - peers = [ - { - inherit publicKey; - endpoint = "${address}:${toString port}"; - allowedIPs = - if cfg.client.enableTrafficRouting then - [ - "::/0" - "0.0.0.0/0" - ] - else - [ - cfg.ipv6.subnet - cfg.ipv4.subnet - ]; - } - ]; - dns = [ - ipv6.address - ipv4.address - ]; - postUp = DNSSetup; - }) - ]; - - environment.systemPackages = with pkgs; [ - (writeShellApplication { - name = "wg-toggle-ng"; - runtimeInputs = [ - iproute2 - jq - ]; - text = '' - ip46() { - sudo ip -4 "$@" - sudo ip -6 "$@" - } - - fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit - if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then - ip46 rule del 
lookup main suppress_prefixlength 0 - ip46 rule del lookup "$fwmark" - else - ip46 rule add not fwmark "$fwmark" lookup "$fwmark" - ip46 rule add lookup main suppress_prefixlength 0 - fi - ''; - }) - ]; - }) - (mkIf cfg.server.enable { - networking = { - wireguard = { - enable = true; - interfaces.${cfg.interface} = with cfg.server; { - privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - ips = [ - "${ipv6.address}/16" - "${ipv4.address}/16" - ]; - listenPort = port; - inherit peers; - postSetup = DNSSetup; - allowedIPsAsRoutes = false; - }; - }; - - nat = { - enable = true; - enableIPv6 = true; - - externalInterface = mkDefault "eth0"; - - internalInterfaces = [ cfg.interface ]; - internalIPs = [ cfg.ipv4.subnet ]; - internalIPv6s = [ cfg.ipv6.subnet ]; - }; - - firewall.allowedUDPPorts = [ cfg.server.port ]; - }; - - services.prometheus.exporters.wireguard = { - enable = true; - listenAddress = mkDefault this.wireguard-ng.ipv4.address; - withRemoteIp = true; - port = 9586; - }; - }) - ]; -} diff --git a/modules/wireguard.nix b/modules/wireguard.nix index bb5daad..98addc8 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -155,20 +155,20 @@ in }) (lib.mkIf cfg.client.enable { networking.wg-quick.interfaces.${cfg.interface} = lib.mkMerge [ - (with this.wireguard; { + { type = "amneziawg"; privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - address = [ + address = with this.wireguard; [ "${ipv4.address}/16" "${ipv6.address}/16" ]; inherit extraOptions; - }) + } (with cfg.server; { peers = [ { inherit publicKey; - endpoint = "${address}:${port |> toString}"; + endpoint = "${address}:${toString port}"; allowedIPs = if cfg.client.enableTrafficRouting then [ diff --git a/modules/x11.nix b/modules/x11.nix index 4edab6b..32cc781 100644 --- a/modules/x11.nix +++ b/modules/x11.nix 
@@ -4,14 +4,13 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.x11; in { - options.nixfiles.modules.x11.enable = mkEnableOption "X11"; + options.nixfiles.modules.x11.enable = lib.mkEnableOption "X11"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { hm = { home = { sessionVariables = { @@ -21,16 +20,16 @@ in XCOMPOSECACHE = "${config.dirs.cache}/libx11/compose"; }; - packages = with pkgs; [ xclip ]; + packages = [ pkgs.xclip ]; }; xresources.properties = { - "Xft.antialias" = mkDefault 1; - "Xft.autohint" = mkDefault 0; - "Xft.hinting" = mkDefault 1; - "Xft.hintstyle" = mkDefault "hintslight"; - "Xft.lcdfilter" = mkDefault "lcddefault"; - "Xft.rgba" = mkDefault "rgb"; + "Xft.antialias" = lib.mkDefault 1; + "Xft.autohint" = lib.mkDefault 0; + "Xft.hinting" = lib.mkDefault 1; + "Xft.hintstyle" = lib.mkDefault "hintslight"; + "Xft.lcdfilter" = lib.mkDefault "lcddefault"; + "Xft.rgba" = lib.mkDefault "rgb"; }; services.xsettingsd = { @@ -59,7 +58,7 @@ in services.xserver = { enable = true; - tty = mkDefault 1; + tty = lib.mkDefault 1; autoRepeatDelay = 200; autoRepeatInterval = 50; diff --git a/modules/zathura.nix b/modules/zathura.nix index cef841c..8d0dc96 100644 --- a/modules/zathura.nix +++ b/modules/zathura.nix @@ -1,12 +1,11 @@ { config, lib, ... }: -with lib; let cfg = config.nixfiles.modules.zathura; in { - options.nixfiles.modules.zathura.enable = mkEnableOption "Zathura PDF reader"; + options.nixfiles.modules.zathura.enable = lib.mkEnableOption "Zathura PDF reader"; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nixfiles.modules.common.xdg.defaultApplications."org.pwmt.zathura" = [ "application/pdf" "application/epub+zip" |