about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2022-10-08 01:04:01 +0300
committerAzat Bahawi <azat@bahawi.net>2022-10-08 01:04:01 +0300
commita0a3dcde99c4a8aa19b23ead79c08eedca30d002 (patch)
tree06387d2676fa1656df7db976f3601d00b08bd1a8 /modules
parent2022-09-22 (diff)
2022-10-08
Diffstat (limited to 'modules')
-rw-r--r--modules/nixfiles/alacritty.nix2
-rw-r--r--modules/nixfiles/bluetooth.nix1
-rw-r--r--modules/nixfiles/common/networking.nix48
-rw-r--r--modules/nixfiles/common/nix/default.nix85
-rw-r--r--modules/nixfiles/common/security.nix26
-rw-r--r--modules/nixfiles/emacs/default.nix26
-rw-r--r--modules/nixfiles/emacs/doom/config.el5
-rw-r--r--modules/nixfiles/emacs/doom/init.el4
-rw-r--r--modules/nixfiles/endlessh-go.nix2
-rw-r--r--modules/nixfiles/firefox/profile.nix2
-rw-r--r--modules/nixfiles/games/lutris.nix9
-rw-r--r--modules/nixfiles/games/mangohud.nix16
-rw-r--r--modules/nixfiles/git.nix15
-rw-r--r--modules/nixfiles/mpv.nix10
-rw-r--r--modules/nixfiles/node-exporter.nix2
-rw-r--r--modules/nixfiles/profiles/headful.nix13
-rw-r--r--modules/nixfiles/wireguard.nix2
17 files changed, 178 insertions, 90 deletions
diff --git a/modules/nixfiles/alacritty.nix b/modules/nixfiles/alacritty.nix
index bafc0d9..5f8833a 100644
--- a/modules/nixfiles/alacritty.nix
+++ b/modules/nixfiles/alacritty.nix
@@ -62,7 +62,7 @@ in {
               foreground = red;
               background = black;
             };
-            bar = {
+            footer_bar = {
               foreground = black;
               background = white;
             };
diff --git a/modules/nixfiles/bluetooth.nix b/modules/nixfiles/bluetooth.nix
index a1fd58f..8347361 100644
--- a/modules/nixfiles/bluetooth.nix
+++ b/modules/nixfiles/bluetooth.nix
@@ -13,7 +13,6 @@ in {
   config = mkIf cfg.enable {
     hardware.bluetooth = {
       enable = true;
-      package = pkgs.bluezFull;
       settings.General.FastConnectable = true;
     };
 
diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix
index 0ff7e3d..3085797 100644
--- a/modules/nixfiles/common/networking.nix
+++ b/modules/nixfiles/common/networking.nix
@@ -12,36 +12,60 @@ with lib; {
     +recurse
   '';
 
-  networking = {
+  # TODO Support multiple interfaces and IP addresses.
+  networking = let
+    interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
+  in {
+    domain = my.domain.shire;
+
     hostName = this.hostname;
     hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
-    domain = my.domain.shire;
 
-    usePredictableInterfaceNames = false;
+    nameservers = mkDefault dns.const.quad9.default;
 
     useDHCP = false;
 
-    nameservers = dns.const.quad9.default;
+    # This could potentially break something.
+    usePredictableInterfaceNames = false;
+    interfaces.${interface} = {
+      ipv4.addresses = with this.ipv4;
+        optional (isString address && isInt prefixLength) {
+          inherit address prefixLength;
+        };
 
-    hosts = {
-      "127.0.0.2" = mkForce [];
-      "::1" = mkForce [];
+      ipv6.addresses = with this.ipv6;
+        optional (isString address && isInt prefixLength) {
+          inherit address prefixLength;
+        };
     };
+    defaultGateway = with this.ipv4;
+      mkIf (isString gatewayAddress) {
+        inherit interface;
+        address = gatewayAddress;
+      };
+    defaultGateway6 = with this.ipv6;
+      mkIf (isString gatewayAddress) {
+        inherit interface;
+        address = gatewayAddress;
+      };
 
     firewall = {
       enable = true;
 
-      logRefusedConnections = false;
-      logRefusedPackets = false;
-
       rejectPackets = false;
 
-      allowPing = config.nixfiles.modules.profiles.headless.enable;
+      allowPing = true;
+      pingLimit = "--limit 1/minute --limit-burst 5";
+
+      logRefusedConnections = false;
+      logRefusedPackets = false;
+      logRefusedUnicastsOnly = false;
+      logReversePathDrops = false;
     };
   };
 
   environment = {
-    systemPackages = with pkgs; [dnsutils ldns myip rsync];
+    systemPackages = with pkgs; [myip];
 
     shellAliases = listToAttrs (map
       ({
diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix
index 878505c..47cd5c1 100644
--- a/modules/nixfiles/common/nix/default.nix
+++ b/modules/nixfiles/common/nix/default.nix
@@ -33,14 +33,24 @@ with lib; {
   in {
     # https://github.com/NixOS/nix/blob/master/src/libutil/experimental-features.cc
     extraOptions = ''
+      max-jobs = auto
+      warn-dirty = false
+      flake-registry = ${inputs.flake-registry}/flake-registry.json
       extra-experimental-features = ca-derivations
       extra-experimental-features = flakes
       extra-experimental-features = nix-command
       extra-experimental-features = recursive-nix
-      flake-registry = ${inputs.flake-registry}/flake-registry.json
-      keep-derivations = true
-      keep-outputs = true
-      warn-dirty = false
+      keep-going = true
+      keep-derivations = ${
+        if this.isHeadful
+        then "true"
+        else "false"
+      }
+      keep-outputs = ${
+        if this.isHeadful
+        then "true"
+        else "false"
+      }
     '';
 
     nixPath =
@@ -57,14 +67,12 @@ with lib; {
       substituters = [
         "https://azahi.cachix.org"
         "https://cachix.cachix.org"
-        "https://mic92.cachix.org"
         "https://nix-community.cachix.org"
         "https://pre-commit-hooks.cachix.org"
       ];
       trusted-public-keys = [
         "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s="
         "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
-        "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc="
       ];
@@ -91,21 +99,13 @@ with lib; {
           patches = [./patches/alejandra-no-ads.patch];
         });
 
-        # https://github.com/NixOS/nixpkgs/pull/191633
-        inherit
-          (pkgsPR
-            "191633"
-            "sha256-gk0x/hZ/XfLo5PZ4lai4oRhawDUw68LsE2dp5c3FYIA=")
-          soju
-          ;
-
-        # Currently broken in Nixpkgs.
-        inherit
-          (pkgsRev
-            "ee01de29d2f58d56b1be4ae24c24bd91c5380cea"
-            "sha256-R18MixER2iwduNqOlLzXUms0Z7G3emnKZOKyQS52SSA=")
-          gotify-server
-          ;
+        # https://github.com/NixOS/nixpkgs/pull/192671
+        # inherit
+        #   (pkgsPR
+        #     "192671"
+        #     "sha256-BdmWzoR+l7f7aV2oTmA8kfm63Y9UZFHABni8xRgkK/M=")
+        #   please
+        #   ;
       }
       // (with super; let
         np = nodePackages;
@@ -143,29 +143,34 @@ with lib; {
     defaultPackages = [];
     systemPackages = with pkgs;
       optionals this.isHeadful [
+        nix-du
         nix-top
         nix-tree
       ];
   };
 
-  hm.home.file.".nix-defexpr/default.nix".text =
-    optionalString this.isHeadful
-    (
-      let
-        hostname = strings.escapeNixIdentifier this.hostname;
-      in ''
+  hm.home = {
+    packages = with pkgs; [nix-index];
+
+    file.".nix-defexpr/default.nix".text =
+      optionalString this.isHeadful
+      (
         let
-          self = builtins.getFlake "nixfiles";
-          configurations = self.nixosConfigurations;
-          local = configurations.${hostname};
-        in rec {
-          inherit self;
-          inherit (self) inputs lib;
-          inherit (lib) my;
-          this = my.configurations.${hostname};
-          inherit (local) config;
-          inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
-        } // configurations // local._module.args
-      ''
-    );
+          hostname = strings.escapeNixIdentifier this.hostname;
+        in ''
+          let
+            self = builtins.getFlake "nixfiles";
+            configurations = self.nixosConfigurations;
+            local = configurations.${hostname};
+          in rec {
+            inherit self;
+            inherit (self) inputs lib;
+            inherit (lib) my;
+            this = my.configurations.${hostname};
+            inherit (local) config;
+            inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
+          } // configurations // local._module.args
+        ''
+      );
+  };
 }
diff --git a/modules/nixfiles/common/security.nix b/modules/nixfiles/common/security.nix
index 2ac5a22..30b4276 100644
--- a/modules/nixfiles/common/security.nix
+++ b/modules/nixfiles/common/security.nix
@@ -1,4 +1,9 @@
-_: {
+{
+  inputs,
+  lib,
+  ...
+}:
+with lib; {
   security = {
     sudo = {
       enable = true;
@@ -21,4 +26,23 @@ _: {
       '';
     };
   };
+
+  # Remove this later.
+  # imports = ["${inputs.nixpkgs-pr-please}/nixos/modules/security/please.nix"];
+  # security.please = {
+  #   enable = true;
+  #   settings.root = {
+  #     name = my.username;
+  #     target = "root";
+  #     rule = ".*";
+  #     require_pass = false;
+  #   };
+  #   settings.root_edit = {
+  #     name = my.username;
+  #     type = "edit";
+  #     target = "root";
+  #     rule = ".*";
+  #     require_pass = false;
+  #   };
+  # };
 }
diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix
index 6b73151..41ef523 100644
--- a/modules/nixfiles/emacs/default.nix
+++ b/modules/nixfiles/emacs/default.nix
@@ -11,10 +11,8 @@ in {
   options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs";
 
   config = mkIf cfg.enable {
-    # TODO Make magit-forge to work with this.
     secrets.authinfo = {
       file = "${inputs.self}/secrets/authinfo";
-      path = "${config.my.home}/.authinfo";
       owner = my.username;
       inherit (config.my) group;
     };
@@ -115,6 +113,20 @@ in {
             concatMapStringsSep ":" (x: "${x}/bin") extraBins
           }"))
 
+          (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}"
+                                     :size ${toString config.fontScheme.monospaceFont.size})
+                doom-unicode-font doom-font)
+
+          (appendq! auth-sources '("${config.secrets.authinfo.path}"))
+
+          (setq user-full-name "${my.fullname}"
+                user-mail-address "${my.email}")
+
+          ;; :app irc
+          (setq circe-default-nick "${my.username}"
+                circe-default-realname "${my.email}"
+                circe-default-user circe-default-nick)
+
           ;; :lang plantuml
           (setq org-plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar")
 
@@ -124,16 +136,6 @@ in {
           ;; :input japanese
           (setq skk-large-jisyo "${pkgs.skk-dicts}/share/skk/SKK-JISYO.L")
 
-          (setq user-full-name "${my.fullname}"
-                user-mail-address "${my.email}")
-
-          (setq circe-default-nick "${my.username}"
-                circe-default-realname "${my.fullname}"
-                circe-default-user circe-default-nick)
-
-          (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}"
-                                     :size ${toString config.fontScheme.monospaceFont.size})
-                doom-unicode-font doom-font)
         '';
       };
 
diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el
index 546af9a..fedd98d 100644
--- a/modules/nixfiles/emacs/doom/config.el
+++ b/modules/nixfiles/emacs/doom/config.el
@@ -119,6 +119,7 @@
       mu4e-context-policy 'ask-if-none
       mu4e-compose-context-policy 'always-ask
       mu4e-compose--org-msg-toggle-next nil
+      mu4e-update-interval 60
       sendmail-program (executable-find "msmtp")
       send-mail-function #'smtpmail-send-it
       message-sendmail-f-is-evil t
@@ -127,6 +128,8 @@
       +mu4e-personal-addresses (list "frodo@gondor.net"
                                      "frodo@rohan.net"
                                      "azahi@shire.me"
+                                     "admin@shire.me"
+                                     "ceo@shire.me"
                                      "a.gondor@yahoo.com"
                                      "a.gondor@yahoo.com"))
 
@@ -146,6 +149,8 @@
                       (smtpmail-smtp-user . "azahi"))
                     t)
 
+(setq +mu4e-compose-org-msg-toggle-next nil)
+
 ;;
 ;;; Circe
 ;;
diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el
index 98317ec..718d5cb 100644
--- a/modules/nixfiles/emacs/doom/init.el
+++ b/modules/nixfiles/emacs/doom/init.el
@@ -25,7 +25,7 @@
        (vc-gutter +diff-hl +pretty)
        window-select
        workspaces
-       zen
+       ;; zen
 
        :editor
        (evil +everywhere)
@@ -113,7 +113,7 @@
        (zig +lsp +tree-sitter)
 
        :email
-       mu4e
+       (mu4e +org)
 
        :app
        calendar
diff --git a/modules/nixfiles/endlessh-go.nix b/modules/nixfiles/endlessh-go.nix
index 891d484..56c415e 100644
--- a/modules/nixfiles/endlessh-go.nix
+++ b/modules/nixfiles/endlessh-go.nix
@@ -10,7 +10,7 @@ with lib; let
   cfg = config.nixfiles.modules.endlessh-go;
 in {
   # Remove this later.
-  imports = ["${inputs.nixpkgs-endlessh-go}/nixos/modules/services/security/endlessh-go.nix"];
+  imports = ["${inputs.nixpkgs-pr-endlessh-go}/nixos/modules/services/security/endlessh-go.nix"];
 
   options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go";
 
diff --git a/modules/nixfiles/firefox/profile.nix b/modules/nixfiles/firefox/profile.nix
index 93ade51..2649402 100644
--- a/modules/nixfiles/firefox/profile.nix
+++ b/modules/nixfiles/firefox/profile.nix
@@ -399,7 +399,7 @@ in {
     "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
     #
     "browser.startup.page" = 1;
-    "browser.startup.homepage" = "about:blank"; # TODO Custom?
+    "browser.startup.homepage" = "about:blank";
     "browser.startup.homepage_welcome_url" = "";
     "browser.startup.homepage_welcome_url.additional" = "";
     #
diff --git a/modules/nixfiles/games/lutris.nix b/modules/nixfiles/games/lutris.nix
index c474a44..0c942a8 100644
--- a/modules/nixfiles/games/lutris.nix
+++ b/modules/nixfiles/games/lutris.nix
@@ -11,8 +11,9 @@ in {
 
   config = mkIf cfg.enable {
     nixfiles.modules.games = {
-      steam-run.enable = true;
       gamemode.enable = true;
+      mangohud.enable = true;
+      steam-run.enable = true;
     };
 
     # This removes the annoying warning.
@@ -22,10 +23,8 @@ in {
       (lutris.override {
         lutris-unwrapped = lutris-unwrapped.override {
           wine = buildFHSUserEnv {
-            # We don't really need Wine because Lutris downloads required
-            # runtime files for us. This feature is more robust because you can
-            # juggle different versions without manually rebuilding anything
-            # because nixpkgs cache was pruned.
+            # We don't really need Wine because Lutris downloads the required
+            # runtime for us.
             name = "empty";
           };
         };
diff --git a/modules/nixfiles/games/mangohud.nix b/modules/nixfiles/games/mangohud.nix
index 0625652..b521687 100644
--- a/modules/nixfiles/games/mangohud.nix
+++ b/modules/nixfiles/games/mangohud.nix
@@ -8,5 +8,19 @@ with lib; let
 in {
   options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud";
 
-  config = mkIf cfg.enable {hm.programs.mangohud.enable = true;};
+  config = mkIf cfg.enable {
+    hm.programs.mangohud = {
+      enable = true;
+      settings = {
+        fps = true;
+        gpu_stats = true;
+        gpu_temp = true;
+        cpu_stats = true;
+        cpu_temp = true;
+      };
+      settingsPerApplication = {
+        mpv.no_display = true;
+      };
+    };
+  };
 }
diff --git a/modules/nixfiles/git.nix b/modules/nixfiles/git.nix
index c7a2ba6..b121f8f 100644
--- a/modules/nixfiles/git.nix
+++ b/modules/nixfiles/git.nix
@@ -89,11 +89,19 @@ in {
               }
               // mapAttrs'
               (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) {
+                "alpine" = "gitlab.alpinelinux.org";
                 "bitbucket" = "bitbucket.com";
                 "codeberg" = "codeberg.org";
+                "freedesktop" = "gitlab.freedesktop.org";
                 "github" = "github.com";
                 "gitlab" = "gitlab.com";
+                "gnome" = "gitlab.gnome.org";
+                "haskell" = "gitlab.haskell.org";
+                "kde" = "invent.kde.org";
+                "notabug" = "notabug.org";
+                "opencode" = "opencode.net";
                 "sourcehut" = "git.sr.ht";
+                "videolan" = "code.videolan.org";
               };
 
             aliases = let
@@ -138,12 +146,6 @@ in {
             initExtra = mkAfter "_complete_alias gl __start_glab glab";
           };
         };
-
-        xdg.configFile."glab-cli/aliases.yml".text = generators.toYAML {} {
-          ci = "pipeline ci";
-          co = "mr checkout";
-          li = "ci lint";
-        };
       };
     })
     (mkIf cfg.server.enable {
@@ -187,6 +189,7 @@ in {
               fastcgi_param QUERY_STRING $args;
               fastcgi_param HTTP_HOST $server_name;
             '';
+            # FIXME This breaks sources previewing for these files.
             "~* ^/(.+.(ico|css|png))$".extraConfig = ''
               alias ${cfg.server.package}/cgit/$1;
             '';
diff --git a/modules/nixfiles/mpv.nix b/modules/nixfiles/mpv.nix
index 0c3fcc5..2072bc6 100644
--- a/modules/nixfiles/mpv.nix
+++ b/modules/nixfiles/mpv.nix
@@ -14,9 +14,15 @@ in {
       mpv = {
         enable = true;
 
+        # This is so dumb. And people still wonder why NixOS is so inacessable
+        # to outsiders.
         package = with pkgs;
-          mpv-with-scripts.override {
-            scripts = with mpvScripts; [autoload mpv-autosub sponsorblock];
+          wrapMpv mpv-unwrapped {
+            scripts = with mpvScripts; [
+              autoload
+              mpv-autosub
+              sponsorblock
+            ];
           };
 
         bindings = {
diff --git a/modules/nixfiles/node-exporter.nix b/modules/nixfiles/node-exporter.nix
index fad1cc8..43f48f6 100644
--- a/modules/nixfiles/node-exporter.nix
+++ b/modules/nixfiles/node-exporter.nix
@@ -16,6 +16,7 @@ in {
       port = 9100;
       enabledCollectors = [
         "buddyinfo"
+        "cgroups"
         "ethtool"
         "interrupts"
         "ksmd"
@@ -26,7 +27,6 @@ in {
         "processes"
         "qdisc"
         "systemd"
-        "tcpstat"
         "zoneinfo"
       ];
     };
diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix
index afe9194..0563640 100644
--- a/modules/nixfiles/profiles/headful.nix
+++ b/modules/nixfiles/profiles/headful.nix
@@ -34,9 +34,13 @@ in {
     hm = {
       home.packages = with pkgs; [
         calibre
+        fd
         imv
-        kotatogram-desktop
-        nheko
+        neochat
+        ripgrep
+        ripgrep-all
+        sd
+        tdesktop
         tor-browser
       ];
 
@@ -89,6 +93,7 @@ in {
       };
 
       programs = {
+        bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open";
         mbsync.enable = true;
         msmtp.enable = true;
         mu.enable = true;
@@ -121,16 +126,16 @@ in {
       iftop.enable = true;
       mtr.enable = true;
       traceroute.enable = true;
-
-      bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open";
     };
 
     services.upower.enable = true;
 
     environment.systemPackages = with pkgs; [
       arping
+      dnsutils
       ethtool
       inetutils
+      ldns
       nethogs
       socat
       tcpdump
diff --git a/modules/nixfiles/wireguard.nix b/modules/nixfiles/wireguard.nix
index f98b4e3..d05c6ae 100644
--- a/modules/nixfiles/wireguard.nix
+++ b/modules/nixfiles/wireguard.nix
@@ -177,6 +177,8 @@ in {
             enable = true;
             enableIPv6 = true;
 
+            externalInterface = mkDefault "eth0";
+
             internalInterfaces = [cfg.interface];
             internalIPs = [cfg.ipv4.subnet];
             internalIPv6s = [cfg.ipv6.subnet];

Consider giving Nix/NixOS a try! <3